Subnet, gateway and iptables question

From: (B)
Date: 7 Feb 2002 06:25:45 -0800


The situation is this: I have one real firewall setup which works
fine. It's connected to the internet through a leased line. I then split
the incoming line into 2 and connected another test firewall machine.
I gave this test firewall a test LAN to protect. I then set up my
firewall ruleset to allow ssh connections to the test firewall and the
test LAN machine. The firewall rules also DNATed 124.XX.XX.XX (one of
my free external IPs) to the internal address of the LAN machine.

I had problems with this, as I couldn't connect to the LAN machine using
the external 124.xx.xx.xx address (I was trying to connect from a
machine on the real LAN behind the real firewall). All I was getting
was arp-request who has 124.xx.xx.xx from the real firewall machine.

I then subnetted my test firewall onto a different network than the
real firewall and set up the routing table in the real firewall to
point to this new subnet with the test firewall as the gateway. Since
then all has gone according to plan.

Can anyone explain why this is so? If I hadn't subnetted the test
firewall and left both firewall machines on the same network, just
changing the routing table on the real firewall to say that the test
firewall was a gateway to its own network, would everything have worked
that way?
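
Added example, not part of the original post: a small Python model of the real firewall's next-hop decision, showing which address it has to resolve with ARP in the same-subnet setup, in the routed-subnet setup, and with a more specific host route on the shared network. All addresses are constructed stand-ins from documentation ranges, and the model assumes the test firewall answers ARP only for the address configured on its own interface, not for the DNATed one.

```python
import ipaddress

def arp_target(routes, dst):
    """Return the address the sender must resolve with ARP to reach dst.

    routes: list of (prefix, gateway_or_None). The longest matching prefix
    wins; an on-link route (gateway None) means "ARP for dst itself".
    """
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None  # no route to host
    _net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return ipaddress.ip_address(gw) if gw else dst

def delivered(routes, dst, arp_owners):
    """True if some machine on the segment answers the ARP request."""
    target = arp_target(routes, dst)
    return target is not None and str(target) in arp_owners

# Constructed addresses standing in for the post's 124.xx.xx.xx range.
TEST_FW = "192.0.2.2"         # test firewall's own external address
DNAT_SAME = "192.0.2.50"      # free external IP DNATed by the test firewall
DNAT_ROUTED = "198.51.100.5"  # address in the new subnet behind the test firewall
# Assumption: the test firewall answers ARP only for its interface address.
ARP_OWNERS = {TEST_FW}

# Real firewall's routing table in each setup (prefix, gateway).
SAME_SUBNET = [("192.0.2.0/24", None)]                         # on-link only
ROUTED_SUBNET = SAME_SUBNET + [("198.51.100.0/28", TEST_FW)]   # new subnet via test fw
HOST_ROUTE = SAME_SUBNET + [("192.0.2.50/32", TEST_FW)]        # same net, host route

if __name__ == "__main__":
    cases = [("same subnet", SAME_SUBNET, DNAT_SAME),
             ("routed subnet", ROUTED_SUBNET, DNAT_ROUTED),
             ("host route", HOST_ROUTE, DNAT_SAME)]
    for name, routes, dst in cases:
        print(f"{name}: ARP who-has {arp_target(routes, dst)}, "
              f"answered={delivered(routes, dst, ARP_OWNERS)}")
```

In the on-link case the sender asks for the DNATed address itself, which no interface owns, so the DNAT rule on the test firewall never sees the packet; with a gateway route the ARP request is for the test firewall's own address and the packet reaches its PREROUTING chain.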

