Sebastian Faerber wrote:
> I need to set up a linux box which acts as a firewall.
> Here's a little diagram to show you how it should work.
> The LinuxFirewall has 2 NICs installed, one is connected to a hub, the other
> one directly to the router :
>
> Clients <--> HUB <--> LinuxFirewall <---------> CiscoRouter <--->Internet
> 199.12.1.10           199.12.1.250 199.12.1.251 199.12.1.254
>
>
> I have real IPs for all the machines so I don't need to do masquerading or
> anything similar.
> I have tried this several times but it didn't work ...
> So, any suggestions how this could be done (do I have to subnet or
> something) ??
>
> Please give me a hint into the right direction :)

The usual error in this situation is forgetting that you need to
either:

1. Give the hosts on either side of the firewall the correct routing
entries, i.e.:

On the clients, you need the equivalent of:

    route add -net 199.12.1.0 netmask 255.255.255.0 dev eth0
    route add default gw 199.12.1.250

On the Cisco router, you need the equivalent of:

    route add -host 199.12.1.251 dev eth0
    route add -net 199.12.1.0 netmask 255.255.255.0 gw 199.12.1.251
    route add default dev sl0

2. Use proxy ARP to make the firewall transparent. AFAICT, to do this
on 2.2 you just need to use:

    echo 1 > /proc/sys/net/ipv4/conf/all/proxy_arp

--
Glynn Clements <[EMAIL PROTECTED]>
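
An added illustration, not part of the original message: a small route-lookup model showing why a router that only knows its connected /24 cannot reach a client behind the firewall, and how the routing entries or proxy ARP from the reply change that. The segment names "hub" and "wan", the helper functions, the ROUTER_PLAIN starting table and the sample Internet destination 192.0.2.1 are assumptions made for the example.

```python
import ipaddress

# Which addresses sit on which wire, taken from the diagram in the question.
# The segment names "hub" and "wan" are made up for this example.
SEGMENTS = {"hub": {"199.12.1.10", "199.12.1.250"},
            "wan": {"199.12.1.251", "199.12.1.254"}}

def route(prefix, gw=None, dev=None):
    return (ipaddress.ip_network(prefix), gw, dev)

# Assumed starting point: the router knows only its directly connected /24.
ROUTER_PLAIN = [route("199.12.1.0/24", dev="eth0"), route("0.0.0.0/0", dev="sl0")]
# The router and client tables from option 1 of the reply.
ROUTER_OPT1 = [route("199.12.1.251/32", dev="eth0"),
               route("199.12.1.0/24", gw="199.12.1.251"),
               route("0.0.0.0/0", dev="sl0")]
CLIENT_OPT1 = [route("199.12.1.0/24", dev="eth0"),
               route("0.0.0.0/0", gw="199.12.1.250")]

def arp_target(table, dst):
    """Longest-prefix match. Returns the address the sender must resolve
    with ARP: the gateway, or dst itself for an on-link route. Returns
    None when the packet leaves over the point-to-point link sl0."""
    addr = ipaddress.ip_address(dst)
    net, gw, dev = max((r for r in table if addr in r[0]),
                       key=lambda r: r[0].prefixlen)
    if dev == "sl0":
        return None
    return gw or dst

def delivered(segment, table, dst, proxy_arp=False):
    """True if the sender's ARP request on `segment` gets an answer, either
    from the real owner on that wire or from the firewall doing proxy ARP."""
    target = arp_target(table, dst)
    if target is None:
        return True
    known = set().union(*SEGMENTS.values())
    return target in SEGMENTS[segment] or (proxy_arp and target in known)

if __name__ == "__main__":
    cases = (("router, connected /24 only", ROUTER_PLAIN, False),
             ("router, option 1 routes", ROUTER_OPT1, False),
             ("router, option 2 proxy ARP", ROUTER_PLAIN, True))
    for name, table, pa in cases:
        print(name, "-> ARP for", arp_target(table, "199.12.1.10"),
              "answered:", delivered("wan", table, "199.12.1.10", pa))
```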