Leonardo Boselli wrote:
>
> You forget one thing: there are 10 other machines (addresses 3 to 13)
> that need not to be firewalled, and must be accessible from
> ANY pother
> ost either internally and externally, without passing the FW.
> The second group really is not a problem, since are just
Leonardo,
I may not exactly understand what you are trying to do but if the only
thing you are trying to accomplish is firewalling the machines
differently, couldn't you just:
1) assign them different gateways. The "open" machines would use the
"real" gateway. The other two groups would use th
You forget one thing: there are 10 other machines (addresses 3 to 13)
that need not to be firewalled, and must be accessible from ANY pother
ost either internally and externally, without passing the FW.
The second group really is not a problem, since are just virtual
addresses for a machine in t
On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote:
> I have a /24 subnet.
> .1 is the gateway and almost all IP from 2 to 254 are occupied.
> I would like to split the host in three groups:
> 12 that can have full access, 12 thought one firewall and the other 205
> throught a second fir
On Thu, 25 Sep 2003 00:47, Leonardo Boselli wrote:
> I have a /24 subnet.
> .1 is the gateway and almost all IP from 2 to 254 are occupied.
> I would like to split the host in three groups:
> 12 that can have full access, 12 thought one firewall and the other 205
> throught a second firewall.
> I c
So you suggest so set on the firewalls a proxy arp for all the machines ?
of course i thing it should be on both sides of the FW .
What is the advantages/defects of this arrangement against a
route
0.0.0.0 0.0.0.0 x.x.x.1
x.x.x.0 255.255.255.240 myip
x.x.x.16 255.255.255.240 firstfw
x.x.x.0 255.
6 matches
Mail list logo
