Firewall Networking problem

Post by Cyber Worl » Sat, 15 Apr 2000 04:00:00



I have a problem making a firewall router work in a real IP range.
IP: 202.181.233.0/26
GW: 202.181.233.1

I want to put a firewall inside this network and use all true IPs for my web and
mail server.
          External Network (Internet)
              <router>
                  |
                  |
              eth1|202.181.233.2/26
           ---------------
           |             |             Server Network (DMZ)
           |             |eth0
           |             |----------------------------------------
           |             |202.181.233.60 |             |        
           |             |               |             |          
           |             |               |             |        
           ---------------           -------       -------      
                                     | WWW |       | DNS |      
                                     -------       -------      
                                 202.181.233.61  202.181.233.62

How do I make a route to the Server Network?
Does anything need to be added in the router?

Thanks a lot.

Danny

 
 
 

Firewall Networking problem

Post by Robie Bas » Sat, 15 Apr 2000 04:00:00


On 14 Apr 2000 12:30:24 GMT, * World said:

Quote:

>I have a problem making a firewall router work in a real IP range.
>IP: 202.181.233.0/26
>GW: 202.181.233.1

>I want to put a firewall inside this network and use all true IPs for my web and
>mail server.
>          External Network (Internet)
>              <router>
>                  |
>                  |
>              eth1|202.181.233.2/26
>           ---------------
>           |             |             Server Network (DMZ)
>           |             |eth0
>           |             |----------------------------------------
>           |             |202.181.233.60 |             |        
>           |             |               |             |          
>           |             |               |             |        
>           ---------------           -------       -------      
>                                     | WWW |       | DNS |      
>                                     -------       -------      
>                                 202.181.233.61  202.181.233.62

>How do I make a route to the Server Network?
>Does anything need to be added in the router?

You'll need to tell your router to forward everything destined for
202.181.233.0/26 through to 202.181.233.2.

On the firewall, you'll need to set up static routes as follows:
  route add -net 202.181.233.0/26 dev eth0
  route add -host 202.181.233.1 dev eth1
  route add default gw 202.181.233.1

Then, set up ipfw/ipchains/iptables as required. I'm familiar with
ipchains (kernel 2.2.x); to differentiate between inside/out, the
easiest way would be to use:
  ipchains -i eth1 # for outside (router side in the diagram)
  ipchains -i eth0 # for inside (DMZ side in the diagram)

Robie.
--
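
Why the reply's host route for 202.181.233.1 matters, as an added example that is not part of either post: both firewall interfaces sit in the same /26, so without the /32 the gateway would be looked up on the DMZ side. The script models the three routes with a longest-prefix match and adds a strict reverse-path check (an assumption, not something the reply proposes) to show how the same table separates outside from inside; 198.51.100.7 is a constructed Internet address.

```shell
#!/bin/sh
# Added example: models the firewall's three static routes from the reply
# (constructed table; interfaces as in the diagram: eth1 = router side,
# eth0 = DMZ side). Nothing here touches the real routing table.
ROUTES='202.181.233.0/26 eth0
202.181.233.1/32 eth1
0.0.0.0/0 eth1'

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Longest-prefix match over table $2 (default: $ROUTES); prints the
# outgoing interface for destination $1, or "none".
route_lookup() {
    dst=$(ip2int "$1"); best_len=-1; best_dev=none
    while read -r cidr dev; do
        [ -n "$cidr" ] || continue
        len=${cidr#*/}; net=$(ip2int "${cidr%/*}")
        if [ "$len" -eq 0 ]; then mask=0
        else mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF )); fi
        if [ $(( $dst & $mask )) -eq $(( $net & $mask )) ] &&
           [ "$len" -gt "$best_len" ]; then
            best_len=$len; best_dev=$dev
        fi
    done <<EOF
${2:-$ROUTES}
EOF
    echo "$best_dev"
}

# Strict reverse-path check: a packet is plausible only if the route back
# to its source leaves through the interface it arrived on.
rp_check() {  # $1 = source address, $2 = arrival interface
    if [ "$(route_lookup "$1")" = "$2" ]; then echo accept; else echo drop; fi
}

for ip in 202.181.233.1 202.181.233.61 202.181.233.62 198.51.100.7; do
    echo "$ip -> $(route_lookup "$ip")"
done
echo "DMZ source arriving on eth1: $(rp_check 202.181.233.61 eth1)"
```

Passing a table without the `/32` line as the second argument to `route_lookup` shows the gateway falling through to the `/26` on eth0.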