- <li><em>date</em>: Tue May 31 16:44:21 2005</li>
- <li><em>from</em>: jsheets at yahoo.com (Jerald Sheets)</li>
- <li><em>in-reply-to</em>: <<a href="msg01094.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg01094.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Firewall design</li>
It uses your primary ethernet (IPs removed for safety):
eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:255.255.255.248
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:37973138 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31729095 errors:0 dropped:0 overruns:0 carrier:0
          collisions:4922 txqueuelen:1000
          RX bytes:502443111 (479.1 Mb)  TX bytes:1688004962 (1609.8 Mb)
          Interrupt:5 Base address:0x250 Memory:c0000-c2000
It aliases the rest of the IPs I was given by Speedfactory, and
IPCop answers for all of them. I then use ipfw to send the two DNS
servers to the right internal boxes, and whatever is on my DMZ. When
configured, those look like so:
eth1:0    Link encap:Ethernet  HWaddr 00:E0:29:49:BA:C9
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:255.255.255.248
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Interrupt:5 Base address:0x250 Memory:c0000-c2000
eth1:1    Link encap:Ethernet  HWaddr 00:E0:29:49:BA:C9
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:255.255.255.248
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Interrupt:5 Base address:0x250 Memory:c0000-c2000
eth1:2    Link encap:Ethernet  HWaddr 00:E0:29:49:BA:C9
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:255.255.255.248
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Interrupt:5 Base address:0x250 Memory:c0000-c2000
eth1:3    Link encap:Ethernet  HWaddr 00:E0:29:49:BA:C9
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:255.255.255.248
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Interrupt:5 Base address:0x250 Memory:c0000-c2000
The inet address in each case is one of the 5 consecutives given me
by SF.
As you can probably tell at this point, I'm a huge proponent of
IPCop. It's easy to set up, and uses commodity hardware. I love it.
Jerald M. Sheets jr.
Sr. UNIX Systems Administrator
McKesson, Inc.
404.293.8762
On May 31, 2005, at 3:30 PM, Christopher Fowler wrote:
> Typically all the firewalls that I've used have been the MASQ type.
> I've received one public IP address and placed that on eth0 and eth1 is
> a private on a 192.168.2.X.
>
> I am looking at expanding the number of public IPs from 1 to 5. I have
> a question as to how this is configured. If my GDuo from SF connects via
> a crossover cable to my firewall how do I get the remaining 4 public
> IPs available to the other devices? Do I somehow make them available
> on eth1?
>
> One setup I'm looking at colocating some servers at E-Deltacomm. They
> will give me 16 public IPs and I want them to only go through one Linux
> firewall. This was easy when that firewall was also the gateway.
>
> I guess when I do get the 16 IPs they'll give me the gw address, the
> subnet mask and network address. I could simply plug their network
> cable into a Cisco switch and then have 16 servers attached to but then
> they would all be vulnerable to the public network. Is there a way I
> can plug a Linux box between E-Deltacomm and my Cisco switch and have it
> do filtering but not have an IP address on either eth0 or eth1? This
> could be an invisible inline firewall thingy :)
>
> Chris
</pre>
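A sketch of the layout the message above describes (aliases on eth1 plus per-service forwarding to internal hosts), added here as an example and not the poster's or IPCop's own configuration. It uses iptables DNAT rather than the ipfw the message mentions, only prints the commands instead of running them, and every address (203.0.113.8/29, the 192.168.x hosts) and the port mapping are constructed.

```shell
#!/bin/sh
# Added example: prints (does not execute) alias + DNAT commands for a /29.
# Every address below is constructed; 203.0.113.8/29 is a documentation range.
WAN_IF=eth1              # external interface name from the post
NET=203.0.113.8          # constructed network address
MASK=255.255.255.248     # mask shown in the ifconfig output
PREFIX=29                # prefix length equivalent to MASK

# Constructed mapping: public IP, protocol, port, internal host
MAP='203.0.113.10 udp 53 192.168.2.10
203.0.113.10 tcp 53 192.168.2.10
203.0.113.11 udp 53 192.168.2.11
203.0.113.12 tcp 80 192.168.3.20'

# Dotted quad -> integer, so membership in the block can be checked
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds only when address $1 lies inside NET/MASK
in_block() {
    addr=$(ip2int "$1"); mask=$(ip2int "$MASK"); net=$(ip2int "$NET")
    [ $(( addr & mask )) -eq "$net" ]
}

# Emit a default-deny FORWARD policy, one alias per public IP, and one
# DNAT + FORWARD pair per published service. Nothing else is reachable.
gen_rules() {
    idx=0; seen=" "
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    while read -r pub proto port dst; do
        in_block "$pub" || { echo "refusing $pub: not in $NET/$PREFIX" >&2; return 1; }
        case "$seen" in
            *" $pub "*) ;;   # alias for this address already emitted
            *) echo "ip addr add $pub/$PREFIX dev $WAN_IF label $WAN_IF:$idx"
               seen="$seen$pub "; idx=$((idx + 1)) ;;
        esac
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $dst"
        echo "iptables -A FORWARD -i $WAN_IF -d $dst -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done <<EOF
$MAP
EOF
}

gen_rules
```

Because the firewall answers for every aliased address, only the ports listed in the mapping are forwarded; traffic to any other port on those public IPs stops at the firewall itself.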
</body>
</html>