On 10/18/2011 5:43 PM, Alan Madill wrote: > Hi, > > I am building a firewall that will have two groups of subnets behind it which > I'll provision via vlans. > > The upstream provider will be supplying a router with a single interface with > two subnets routed into it, one is a private connection to the corporate WAN > and > the other is a public (Internet) block. > > One group of subnets behind the firewall will be SNAT'd out through a public > IP > on the firewall and another group will be routed on out through the corporate > WAN to another site and eventually an Internet gateway via a private IP on the > firewall. > > What I am struggling with is using IP aliases on a single interface on the > firewall to communicate with the upstream router. I'm thinking it might be > easier to add a third nic with a separate address, plug them both into a > switch > along with the upstream.
Further to this. When you specify track as an option in providers with an aliased interface it uses the mac address to mark the packet, would not both macs be the same on the upstream router? > Any hints would be appreciated. > > ------------------------------------------------------------------------------ > All the data continuously generated in your IT infrastructure contains a > definitive record of customers, application performance, security > threats, fraudulent activity and more. Splunk takes this data and makes > sense of it. Business sense. IT sense. Common sense. > http://p.sf.net/sfu/splunk-d2d-oct > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > > ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Ciosco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
