greetings:
     
     perhaps a kindly soul could help an overly confident newbie.
     
     i am attempting to insert a linux firewall in between a linux router 
     and an nt subnet.  there are multiple boxes on the subnet
     and only 6 are supposed to be behind the firewall.
     
     this is the current configuration.
     
     internet==> router ==> eth1 184.92.52.32 ====>nt boxes 184.92.52.*
                           netmask 255.255.255.224
     
     my proposed configuration is:
     
     internet==> router ==> eth1 184.92.52.32 ===>non firewalled nt boxes
                                              ===>firewall 184.92.52.38
                                                              ||
                                                              ||
                                                  private firewalled subnet
                                                           192.168.44.*
                                                  netmask 255.255.255.0
     
     the router belongs to the ISP and can not be changed without pulling 
     eye teeth.
     
     the hardware looks like this:
     
     
     cable modem > router > 5 port hub
     
                            |1|                  |2|            |uplink|    
         
                     router plugged here   firewall here   rest of subnet
      
                                               hub              hub         
                                             devices           devices
     
     the distribution being used is red hat 6.1 right out of the box.
     
     the kernel has been recompiled.  it is monolithic up.  modular
     support is configed but necessary options are compiled into the
     kernel.
     
     network initialization is accomplished through red hat scripts.
     
     ipchains script accomplishes nat for firewalled subnet.
     
     all firewalled boxes have 184.92.52.38 as their gateway.
     
     all other boxes on the subnet have 184.92.52.32 as their gateway.
     
     everything works correctly from inside the firewalled subnet.
     
     the boxes can talk to each other and get out using .38 as 
     a proxy.
     
     however, from the outside in, the only thing the firewall can see
     is broadcast traffic for 184.92.52.255.
     
     ifconfig for eth1 on the firewall shows an oddity.  no matter what
     ip address you put in IPADDR for the red hat network initialization
     scripts to use,  the address for this interface is always 
     184.92.52.38.
     
     it occurred to me that this might be the lack of the option
     config_as_router_not_as_host.  however, i can't check this 
     because my last config dataset was overlaid by my own stupidity.
     i am rebuilding the kernel to recreate the config dataset but
     have upleveled sources to 2.3.15 and don't want to throw another
     variable into the soup.
     
     i have put eth1 into promiscuous mode.  but still packets which
     i am reasonably sure are on the wire do not seem to be visible 
     to the firewall.
     
     any suggestions would be appreciated.
     
     thanks in advance.
     
     w. 
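
Added example, not part of the original post: a consistency check of the addresses the post gives against the netmask 255.255.255.224, assuming the firewall's outside interface uses the same mask shown for the router's eth1. The function names and the inside-host addresses are constructed for illustration.

```python
import ipaddress


def check_segment(netmask, hosts, observed_broadcast=None):
    """Return findings for hosts that are meant to share one subnet.

    hosts maps a label to a dotted-quad address; the subnet is derived
    from the first host's address combined with the netmask.
    """
    findings = []
    first = next(iter(hosts.values()))
    net = ipaddress.ip_network(f"{first}/{netmask}", strict=False)
    for label, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            findings.append(f"{label} {ip} is outside {net}")
        elif ip == net.network_address:
            findings.append(f"{label} {ip} is the network address of {net}")
        elif ip == net.broadcast_address:
            findings.append(f"{label} {ip} is the broadcast address of {net}")
    if observed_broadcast is not None:
        seen = ipaddress.ip_address(observed_broadcast)
        if seen != net.broadcast_address:
            findings.append(
                f"observed broadcast {seen} does not match "
                f"{net.broadcast_address}, the broadcast of {net}")
    return findings


def outside_findings():
    # Addresses, netmask and observed broadcast are the values in the post.
    hosts = {"router eth1": "184.92.52.32",
             "firewall outside": "184.92.52.38"}
    return check_segment("255.255.255.224", hosts, "184.92.52.255")


def inside_findings():
    # Host addresses here are constructed; the post only gives 192.168.44.*
    hosts = {"firewall inside (constructed)": "192.168.44.1",
             "nt box (constructed)": "192.168.44.10"}
    return check_segment("255.255.255.0", hosts)


if __name__ == "__main__":
    for line in outside_findings() + inside_findings():
        print(line)
```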
     
     
     
     
     
     
