Re: iptables firewall and forwarding.
From: Glynn Clements (glynn.clements@virgin.net)
Date: 10/22/02
- In reply to: Sheldon Lee Wen: "iptables firewall and forwarding."
From: Glynn Clements <glynn.clements@virgin.net> Date: Tue, 22 Oct 2002 05:05:26 +0100 To: "Sheldon Lee Wen" <sheldon.leewen@cgi.com>
Sheldon Lee Wen wrote:
> I'm in a big bind. Our raptor firewall is toast,
>
> That said, now my boss wants to put in a linux firewall.
>
> The dev servers are on network xxx.xxx.xxx.xxx and the developer workstations
> are on yyy.yyy.yyy.yyy
>
> I have the box on both networks and masquerading, so that you can go from the
> developer workstations to the development servers. However, the development
> servers used to be on the yyy.yyy.yyy.yyy and the raptor firewall has been
> forwarding their old yyy.yyy.yyy.yyy addresses to the xxx.xxx.xxx.xxx
> addresses, but the raptor firewall is not the router or gateway for the
> yyy.yyy.yyy.yyy network. So, I'm not sure how I can do that on Linux. Has the
> raptor firewall been acting as a router as well? Do I need routed on Linux?
>
> How do I do this on linux?
So the workstations think that the servers are on the same network? If
that's the case, you need to use proxy-ARP on the firewall (or,
preferably, just reconfigure the workstations to use the new addresses
for the servers).

Also, the "firewall" is already acting as a router. And, in any case,
you don't need a routing daemon (routed, gated etc) in order to
perform routing. A routing daemon exchanges routing information with
other routing daemons and updates the local routing table
automatically.

On a large network, or one where routes change regularly, routing
daemons eliminate the need to update routing tables manually. On a
small network where the routes change infrequently, using a routing
daemon isn't worth the effort involved in installation and
maintenance.

-- Glynn Clements <glynn.clements@virgin.net>
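
The proxy-ARP approach from the reply above, as an added example that is not part of the original message: a dry-run script that prints the commands to run on the firewall. The interface names eth0/eth1, the RFC 5737 documentation addresses standing in for the masked networks, and the iptables DNAT rule for the old-to-new translation are assumptions; proxy-ARP entries are published per address rather than enabling proxy_arp on the whole interface, and the routes are static, so no routing daemon is involved.

```shell
#!/bin/sh
# Constructed values: interface names and RFC 5737 documentation addresses
# stand in for the masked yyy (workstation) and xxx (server) networks.
WS_IF=eth0    # hypothetical: interface on the workstation network
SRV_IF=eth1   # hypothetical: interface on the server network

# valid_ip ADDR: succeed only for a dotted-quad IPv4 address.
valid_ip() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# proxy_arp_plan OLD=NEW...: print the commands for each old->new mapping.
# Every mapping is validated first, so a bad entry yields no partial plan.
proxy_arp_plan() {
    for pair in "$@"; do
        case $pair in *=*) ;; *) echo "bad mapping: $pair" >&2; return 1 ;; esac
        valid_ip "${pair%%=*}" && valid_ip "${pair#*=}" || {
            echo "bad address in: $pair" >&2; return 1; }
    done
    # Forwarding is what makes the box a router; no daemon is needed.
    echo "sysctl -w net.ipv4.ip_forward=1"
    for pair in "$@"; do
        old=${pair%%=*}; new=${pair#*=}
        # Host route out the server side: the kernel only proxies ARP for
        # an address it would forward out a different interface.
        echo "ip route add $old/32 dev $SRV_IF"
        # Answer ARP for this one old address on the workstation side.
        echo "ip neigh add proxy $old dev $WS_IF"
        # Assumption: old-to-new translation via DNAT (not in the reply).
        echo "iptables -t nat -A PREROUTING -i $WS_IF -d $old -j DNAT --to-destination $new"
    done
}

# Constructed sample mapping; prints the plan without changing anything.
proxy_arp_plan 198.51.100.10=192.0.2.10
```

Review the printed commands before running them as root on the firewall; `ip neigh show proxy` lists the addresses the box is answering ARP for.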