Re: Transparent Firewall with NAT

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Marcus Andree <marcusandree@...>

To: Cédric THIBAULT <cedric.thibault@...>

Cc: misc <misc@...>

Subject: Re: Transparent Firewall with NAT

Date: Wednesday, October 10, 2007 - 1:00 pm

You _may_ be able to apply the following setup (borrowing from
someone else's design :-) :

inside box (1)----> firewall/bridge doing nat (2)-----> default
gateway----> internet
                       if1                                      if2

Let's just suppose that if2 has the ip address IP2 configured.

1 - set interface if1 to brigde interface if2.
2 - your fw/bridge computer has a default route to a gateway that can
     forward packets to the net
3 - do not assign an IP address to if1
4 - do your pf home lesson to NAT computers from the "inside network", using
     "external"  IP2 address
5 - somehow, the computers from your "inside network" should be set to use
     IP2 as default gateway.
     5 a) This implies that IP2 lies in the same net address you're
using on your
     "inside network".
     5 b) Or you have a static route pointing to IP2 on each "inside network"
     computer.
     This implies that each computer on this net segment can
      talk directly to your default gateway that handles internet
connections. To
     limit this communication and enforce all clients to set your bridge/fw host
     as default gateway, you should create a working filter ruleset.
6 - optionally, you may want the bridge to replicate only the IP protocol....

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Re: Transparent Firewall with NAT, stuart van Zee, (Wed Oct 10, 11:25 am)

Re: Transparent Firewall with NAT, Cédric THIBAULT, (Wed Oct 10, 11:59 am)

Re: Transparent Firewall with NAT, ropers, (Fri Oct 12, 5:27 pm)

Re: Transparent Firewall with NAT, Marcus Andree, (Wed Oct 10, 1:00 pm)


linux-kernel:
David Newall	Re: Slow DOWN, please!!!
Renato S. Yamane	Error -71 on device descriptor read/all
Greg Kroah-Hartman	[PATCH 004/196] Chinese: add translation of SubmittingPatches
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
git:
Shawn O. Pearce	libgit2 - a true git library
Martin Langhoff	Re: pack operation is thrashing my server
Aubrey Li	git proxy issue
Pierre Habouzit	git send-email improvements
netbsd-tech-kern:
Elad Efrat	Integrating securelevel and kauth(9)
Hubert Feyrer	Compressed vnd handling tested successfully
Matt Thomas	Interrupt, interrupt threads, continuations, and kernel lwps
Michael	Re: yamt-km branch
openbsd-misc:
Richard Stallman	Real men don't attack straw men
Will Maier	cron doesn't run commands in /etc/crontab?
askthelist	Packets Per Second Limit?
Harald Dunkel	Packet Filter: how to keep device names on hardware failure?


Question on swap as ramdisk partition	2 hours ago	Linux kernel
Netfilter kernel module	13 hours ago	Linux kernel
serial driver xmit problem	15 hours ago	Linux kernel
Why Windows is better than Linux	15 hours ago	Linux general
How can I see my kernel messages in vt12?	22 hours ago	Linux kernel
Grub	1 day ago	Linux general
vmalloc_fault handling in x86_64	1 day ago	Linux kernel
epoll_wait()ing on epoll FD	1 day ago	Linux kernel
Framebuffer in x86_64 causes problems to multiseat	2 days ago	Linux kernel
Difference between 2.4 and 2.6 regarding thread creation	2 days ago	Linux general

Re: Transparent Firewall with NAT

Online users