[Shorewall-users] External IPs on different subnet
Sun, 5 May 2002 19:57:36 -0700 (PDT)
Thanks for the tips Tom. I'm gonna test this out and
see how it goes. :)
--- Tom Eastep <firstname.lastname@example.org> wrote:
> On Thu, 2 May 2002, Arien Monster wrote:
> > hope someone can help me here. I tried looking for
> > help in the archive, but didn't come up with what
> > wanted.
> I'm not surprised -- I don't recall this ever coming
> up before.
> > Anyways, here's my problem. I've been issued a
> > of IPs, and they're on two different subnets. So I
> > have two different gateways, and two different
> > of IPs, and one firewall. My firewall has two NIC
> > cards, and I use proxyarp to map the IPs to the
> > servers (saves me from some hassles). My question
> > this: is it possible to add the different subnet of my
> > external IP to the same firewall? My external nic
> > eth0, and the internal is eth1. Hope someone could
> > help me with this.
> I haven't tried this but it should work.
> a) Add the second gateway address to eth0 with no
> b) Add the same address to eth1 along with its
> c) Add the second subnet to /etc/shorewall/proxyarp with the "HAVEROUTE"
> column set to "Yes". Alternatively, simply arrange for both eth0 and eth1
> to have the proxy_arp flag set in /proc/sys/net/ipv4/conf and don't fool
> with Shorewall's proxy ARP config (You will have to have defined your
> other subnet locally in the same way).
> You have two choices for how to let the two subnets
> 1) Define a new subnet route on each local system to allow direct
> 2) Route through your firewall:
> - set the 'multi' option on eth1 in
> - add a loc->loc ACCEPT policy.
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ email@example.com