Re: [fw-wiz] two networks same proxy server

From: Paul D. Robertson (proberts@patriot.net)
Date: 03/25/03

  • Next message: Serkan Basaran: "[fw-wiz] installing ISA server behind PIX firewall"
    From: "Paul D. Robertson" <proberts@patriot.net>
    To: "Robert E. Martin" <rmartin@fishburne.org>
    Date: Mon, 24 Mar 2003 22:20:10 -0500 (EST)
    

    On Mon, 24 Mar 2003, Robert E. Martin wrote:

    > This may be the wrong place to ask this but here goes....
    >
    > I have two networks
    > 192.168.98.x
    > 192.168.99.x
    >
    > and one proxy server
    > 192.168.99.10
    >
    > I have a Linux box, Mandrake 7 with 3 interfaces
    > eth0
    > eth1
    > eth2
    > The linux box runs ipchains as a firewall....
    >
    > I want the 98 and 99 network to use the same proxy server.
    >
    > This proxy is an iPrism appliance. I have set ip routes inside of it to
    > tell it where the networks are.
    > 192.168.98.0 lives on eth2:1 192.168.99.x
    >
    > Also, I have tried secondary addresses on the interfaces:
    >
    > eth0 216.12.31
    > eth1 192.168.99
    > eth2 192.168.98
    > eth2:1 192.168.99

    You can't have two interfaces with the same address; in this case, you've
    got both eth1 and eth2's shadow with the same address. It almost sounds
    like both the Linux box and the proxy are sitting on both networks, which
    is more than slightly confusing.

    >
    > Clear as mud, right?
    >
    > I have tried to route across the box to the 98 network and had no luck.
    > I am kind of new to the routing thing so any help would be appreciated.

    If it's the Linux box that is acting as the router, then it needs to have IP
    forwarding turned on, and it needs to be the gateway for the boxes it's
    routing for (with the appropriate interface address for the network it's
    sitting on as the route). Its own routing tables will handle the rest of
    it, but the interfaces need to not have the same IP address. There's
    probably a copy of the Linux Network Administration Guide by Olaf Kirch
    lying around the Net somewhere, and likely that or one of the newer LDP
    documents will help you.

    If the proxy is off of one leg of the Linux box, then some traffic will
    have to transit that box twice to get out (assuming the Linux box is the
    gateway out to the rest of the world), so it should probably sit on
    the segment with the highest utilization. That is, if the bulk of the
    clients live on the .98 subnet *and* the proxy isn't vulnerable to attack
    from them, then it should probably live there too, so that the traffic
    doesn't have to go through the Linux box from client to proxy, then again
    from proxy to Internet.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
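As an added example (not from the thread or the poster's box), a small shell check for the two conditions Paul names: no two interfaces or aliases sharing an IPv4 address, and forwarding enabled. The addresses are constructed placeholders; `live_check` assumes iproute2's `ip` and a Linux `/proc` are present.

```shell
#!/bin/sh
# Detect the misconfiguration described in the thread: two interfaces (or an
# interface and an alias such as eth2:1) carrying the same IPv4 address, and
# IP forwarding left off on a box that is supposed to route between subnets.
# Input format (constructed for this example): one "iface address" pair per line.

# Return 0 if every address in the list is unique, 1 otherwise; duplicates are
# printed as "DUPLICATE <addr>: <iface list>".
check_unique_addrs() {
    printf '%s\n' "$1" | awk '
        NF == 2 { ifaces[$2] = ifaces[$2] " " $1; count[$2]++ }
        END {
            bad = 0
            for (a in count) if (count[a] > 1) { print "DUPLICATE " a ":" ifaces[a]; bad = 1 }
            exit bad
        }'
}

# Return 0 if the forwarding flag (contents of /proc/sys/net/ipv4/ip_forward) is 1.
check_forwarding() {
    [ "$1" = "1" ]
}

# Constructed addresses standing in for the poster's setup (the real ones are
# not given on the page): eth1 and the alias eth2:1 both carry 192.168.99.1.
BROKEN='eth0 203.0.113.2
eth1 192.168.99.1
eth2 192.168.98.1
eth2:1 192.168.99.1'

# Corrected layout: one address per interface; no alias is needed because the
# Linux box routes between the .98 and .99 subnets instead of straddling both.
FIXED='eth0 203.0.113.2
eth1 192.168.99.1
eth2 192.168.98.1'

# Live check on a real Linux router (assumes iproute2's ip); kept in a function
# so the constructed examples above can be exercised anywhere.
live_check() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0)
    addrs=$(ip -4 -o addr show 2>/dev/null | awk '{print $2, $4}' | sed 's#/[0-9]*$##')
    check_unique_addrs "$addrs" && check_forwarding "$fwd"
}
```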

