[Shorewall-users] Advice needed

Tom Eastep teastep at shorewall.net
Tue Dec 9 09:02:07 PST 2003


On Tuesday 09 December 2003 08:55 am, Carlos Cajina - Hotmail wrote:
>
> From the docs: "[...] you can configure your network [...] with one
> additional twist; simply specify the 'proxyarp' option on all three
> firewall interfaces in the /etc/shorewall/interfaces file."
>
> Now, chances are that I'm not getting the whole thing right, but if I do as
> stated above, the recommendation against connecting the internal and
> external interface to the same hub or switch (except for testing) is still
> valid?

Yes.

>
> I was planning to follow your advice about physically placing the firewall
> between the switches and the router. The "thing" is, that the IP's in the
> two avaliable subnetworks are all public and I'm told not to use RFC1918
> addresses.
>

That's fine.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net




More information about the Shorewall-users mailing list