Re: [Shorewall-users] firewall bridge on eth1 eth0 with same subnet

Fri, 29 Aug 2008 08:33:14 -0700 


Simon Hobson ha scritto:

hOZONE wrote:


  

i have to create two separated network (NET_A and NET_B), using the 
same router.
pc on NET_A can not comunicate pc on NET_B, NET_B can not comunicate 
with pc on NET_A.

NET_A and NET_B should have the same subnet


my aim is not no "bridge", but to make two network, with the same subnet.
eth0 should act as the wifi router (192.168.1.1) of the NET_A
shorewall should act as a gateway.

    



You can do that by running the firewall as a bridge - but all 
addresses have to be unique. You can control traffic between physical 
nets with policies and rules - but you will have to carefully manage 
broadcast traffic to make the two sides invisible to each other.



But you haven't said WHY you want to do this, it's a far from ideal 
configuration.



  

it's for a architect.
he has two office (let's call NET_A and NET_B), max 10 pc per office.

the internet gateway is 192.168.1.1 with dhcp (192.168.1.100 to 
192.168.1.250) and it is "closed" by the ISP vendor, so it must has this 
addess.

there is one server (192.168.1.3) which must be visible in office A.

pc in office NET_A should not see pc of operators in office NET_B, and 
viceversa.

all pc has win XP.

NET_A can browse internet cause is connected to router.

if i act shorewall as a bridge, can i DROP all traffic from NET_A to 
NET_B, and from NET_B to NET_A, except traffic from NET_B to 192.168.1.1 
(cause i want pc in NET_B to browse on internet).


router (192.168.1.1)

  |-> eth1 (192.168.1.99) - shorewall bridge - eth0 (192.168.1.???) <-> NET_B 
(192.168.1.0/24)
  |-> NET_A (192.168.1.0/24)
  |-> + server (192.168.1.3)

p.s. sorry but my english is poor.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users






















					Reply via email to