Re: Bridge+firewall - possible?

Jamie Lokier (lkd@tantalophile.demon.co.uk)
Thu, 10 Dec 1998 01:01:47 +0000


> To forestall some of the more obvious responses: We wanted bridging
> instead of routing because we have a Class C that is pretty much full.
> Subnetting our address space and setting up the firewall as a gateway
> involves much pain, especially since we only have four hosts outside
> the firewall, and over 200 inside.

As you've only got 4 machines on the outside and you want to keep the
same subnet numbers, sounds like you could use normal IP routing and
manually configured proxy ARP entries (per interface) to direct as
appropriate. You'd have host routes for the 4 external hosts, and a
subnet route for the internal ones.

Alternatively, you could renumber all the inside hosts to one of the
reserved ranges (10.*.*.* is my favourite) and use IP masquerading.
That gives you more flexibility to grow the network, but has its
downsides too.

Both of these process packets through the IP firewall.

-- Jamie

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
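Added worked example (editor's addition, not part of Jamie's message or the original thread): a small Python model of the two designs he outlines, so the routing and ARP decisions can be checked offline. Design A keeps the one /24 on both sides of the firewall, with four /32 host routes pointing at the outside interface, a subnet route pointing inside, and proxy ARP on each interface; design B renumbers the inside to 10.0.0.0/8 and masquerades. The addresses (RFC 5737 documentation space), interface names eth0/eth1, port numbers and the FORWARD policy are all constructed for the example and are assumptions, not details from the post. The point the model makes concrete is the last line of the reply: in both designs every packet crosses the router's forwarding path and is therefore subject to the IP firewall, which a plain bridge would not give you.

```python
"""Model of the two designs in the reply: proxy-ARP routing on one /24
(design A) and renumber-plus-masquerade (design B).

All addresses, interface names and the policy below are constructed for
this example; none of them come from the original post.
"""
import ipaddress
from dataclasses import dataclass

IP = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Packet:
    src: IP
    dst: IP
    dport: int


@dataclass(frozen=True)
class Route:
    prefix: Net
    dev: str


class ProxyArpRouter:
    """Design A: same subnet on both sides, routed, with proxy ARP."""

    def __init__(self, routes, policy):
        self.routes = routes
        self.policy = policy  # policy(pkt, in_dev, out_dev) -> bool

    def lookup(self, dst):
        """Longest-prefix match: a /32 host route beats the /24 subnet route."""
        best = None
        for r in self.routes:
            if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best

    def answers_arp(self, iface, target):
        """Proxy-ARP rule as Linux applies it: reply to an ARP request for
        `target` heard on `iface` iff the route to `target` leaves on a
        different interface. Inside hosts therefore see the router's MAC for
        the four outside hosts, and outside hosts see it for the inside ones."""
        r = self.lookup(target)
        return r is not None and r.dev != iface

    def forward(self, pkt, in_dev):
        """Egress interface for `pkt`, or None if unroutable or dropped by the
        firewall. Every forwarded packet passes the policy; a bridge would not."""
        r = self.lookup(pkt.dst)
        if r is None:
            return None
        return r.dev if self.policy(pkt, in_dev, r.dev) else None


SUBNET = Net("192.0.2.0/24")                                   # the "Class C" (constructed)
OUTSIDE_HOSTS = [IP("192.0.2.2"), IP("192.0.2.3"), IP("192.0.2.4"), IP("192.0.2.5")]
WEB_SERVER = IP("192.0.2.100")                                 # inside host reachable from outside

ROUTES = ([Route(Net(f"{h}/32"), "eth0") for h in OUTSIDE_HOSTS]   # 4 host routes, outside
          + [Route(SUBNET, "eth1"),                                # rest of the /24 is inside
             Route(Net("0.0.0.0/0"), "eth0")])                      # default via the outside link


def policy(pkt, in_dev, out_dev):
    """Constructed FORWARD policy: inside may go anywhere; outside may only
    reach the web server on port 80."""
    if in_dev == "eth1":
        return True
    return pkt.dst == WEB_SERVER and pkt.dport == 80


ROUTER_A = ProxyArpRouter(ROUTES, policy)


class Masquerader:
    """Design B: inside renumbered to a reserved range; the outside only ever
    sees ext_ip. A connection table maps each outbound flow to a port on
    ext_ip so replies can be translated back. Anything inbound with no
    table entry is dropped, which is why inbound services need explicit
    port forwarding in this design (one of the downsides Jamie alludes to)."""

    def __init__(self, inside, ext_ip, first_port=61000):
        self.inside = inside
        self.ext_ip = ext_ip
        self.next_port = first_port
        self.table = {}  # ext_port -> (orig_src, orig_sport, dst, dport)

    def outbound(self, src, sport, dst, dport):
        if src not in self.inside:
            return None
        for port, flow in self.table.items():
            if flow == (src, sport, dst, dport):
                return (self.ext_ip, port)       # existing flow: reuse its mapping
        port = self.next_port
        self.next_port += 1
        self.table[port] = (src, sport, dst, dport)
        return (self.ext_ip, port)

    def inbound(self, src, sport, dst, dport):
        flow = self.table.get(dport)
        if dst != self.ext_ip or flow is None:
            return None                          # unsolicited: no flow, dropped
        orig_src, orig_sport, orig_dst, orig_dport = flow
        if (src, sport) != (orig_dst, orig_dport):
            return None                          # reply from the wrong peer
        return (orig_src, orig_sport)


ROUTER_B = Masquerader(Net("10.0.0.0/8"), IP("192.0.2.1"))
```

On a real Linux box the design-A behaviour comes from enabling forwarding and proxy ARP (net.ipv4.ip_forward and net.ipv4.conf.ethN.proxy_arp, or per-address entries with "ip neigh add proxy ADDR dev ethN"; in the kernel generation of this thread the equivalent was "route add -host" plus "arp -s ADDR HWADDR pub"), and design B from a masquerade rule on the outside interface ("iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" today). The model deliberately does not try to reproduce either tool's syntax; it reproduces the decisions the kernel makes, so you can check, for example, that a request heard on eth0 for 192.0.2.3 is not proxied (that host is on eth0 itself) while one for 192.0.2.100 is.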