Hi,
I would like some pointers on how to accomplish the following task:
We currently have a few servers that have Internic registered IPs and they
are visible to the web. We are trying to put these servers behind a cisco
PIX firewall.
The idea is to put a second ethernet card in each machine we want to
move behind the firewall, then broadcast the new address through the DNS
and once all traffic stops from the original ethernet (eth0) we will get
rid of the old numbers and only use the new numbers.
The problem has been due to the network numbers and subnetting, as well
as the routing.
Current configuration
Route 1:
=========
A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet
Default gateway is A.B.7.1(router)
What we want to do is
---------------------
Route1
========
A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet
Route 2
========
A.B.8.112 (network) -> eth1 -> A.B.8.113(pix firewall - inside)
-> A.B.5.177(pix firewall - outside) -> A.B.5.177(router) -> internet
def gateway is A.B.7.1(router)
At this point we figured out how to work each route independently
so if the linux machine has either route (1 or 2) it works like a charm
and each uses the mentioned router, these configurations work.
Route1
========
A.B.7.0 (network) -> eth0 -> A.B.7.1(router) -> internet
def gateway A.B.7.1(router)
Route 2
========
A.B.8.112 (network) -> eth1 -> A.B.8.113(pix firewall - inside)
-> A.B.5.177(pix firewall - outside) -> A.B.5.177(router) -> internet
def gateway A.B.8.113(pix firewall - inside)
Is there a way to let traffic coming through eth1 (route2) to return back
on the same ethernet device, and same for eth0?? it seems that the
traffic comes in through eth1 and returns via eth0 so any request via
eth1 does not return to the client, eth0 traffic is unaffected. BTW icmp
works fine with the configuration above, but everything else such as http,
telnet does not make it.
Any suggestions on how to move these IPs behind the firewall without
interrupting the service?
Thanks in advance
Adonis
--
Adonis El Fakih - President, CEO -- EGS, Inc.
70 Boston Road, Suite A301, Chelmsford MA 01824 USA
Fax (978) 244-0544 - adonis@egsx.com
This archive was generated by hypermail 2b29 : Mon Oct 23 2000 - 21:00:24 EST
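
The symptom described in the post (requests arriving on eth1, replies leaving through eth0's default gateway) is the case that source-based policy routing with iproute2 handles: each interface gets its own routing table, selected by the packet's source address. The script below is an added example, not part of the original message; the addresses, prefix lengths, table ids and rule priorities are assumptions, and `policy_route` and `setup_dual_homed` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders (RFC 5737 ranges)
# standing in for the post's A.B.7.x (eth0) and A.B.8.x (eth1) networks;
# the /24 and /28 prefix lengths are assumptions, the post gives no masks.

# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them as root.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# policy_route DEV LOCAL_IP SUBNET GATEWAY TABLE_ID PRIORITY
policy_route() {
    [ $# -eq 6 ] || { echo "policy_route: need 6 arguments" >&2; return 2; }
    dev=$1; addr=$2; subnet=$3; gw=$4; table=$5; prio=$6
    # Refuse non-numeric ids and the kernel's reserved tables
    # (0 unspec, 253 default, 254 main, 255 local).
    case $table in
        ''|*[!0-9]*|0|253|254|255)
            echo "policy_route: bad table id '$table'" >&2; return 2 ;;
    esac
    # Private table for this interface: its connected subnet and its own
    # default gateway.
    run ip route replace "$subnet" dev "$dev" src "$addr" table "$table" || return 1
    run ip route replace default via "$gw" dev "$dev" table "$table" || return 1
    # Packets sourced from this interface's address consult that table, so a
    # reply leaves through the interface the request arrived on.
    # Note: "ip rule add" is not idempotent; re-running adds a duplicate rule.
    run ip rule add from "$addr" lookup "$table" priority "$prio"
}

setup_dual_homed() {
    # eth0: existing public path via the router
    policy_route eth0 192.0.2.10 192.0.2.0/24 192.0.2.1 101 1001 || return 1
    # eth1: new path via the firewall's inside interface
    policy_route eth1 198.51.100.114 198.51.100.112/28 198.51.100.113 102 1002 || return 1
    run ip route flush cache
}

setup_dual_homed
```

The default route in the main table is left alone, so connections the host itself originates without a bound source address still use the existing gateway on eth0.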