02-13-2007
Balwinder S "bsd" Dheeman
Re: firewall routing setup

On 02/13/2007 09:06 PM, steeles wrote:
> Currently the setup is: the WAN router connects to a switch, then all workstations
> connect to the switch; router and workstations are using the same subnet, like
> 168.1.X.X
>
> What I want is to set up a firewall server (2 NIC cards) between the router and
> the switch.
>
> How do I set up this firewall without changing the WAN router configuration?
> In other words, in this case, the two NIC cards will have the same IP subnet, but how
> is routing going to work?


You need to change the layout as follows:

     Internet
         |
    WAN Router
         |
  Firewall (Your)
         |
      Switch
         |
+----+---+----+---+---+
|    |   |    |   |   |  Workstations
A    B   C    D   E   F ...

If you don't have control over the router's config, use a router-assigned
IP on the WAN side of your firewall and use a different IP and
subnet on the LAN side. Run your own DHCP service on the firewall
itself; your workstations should be using the firewall as their
gateway. Add some appropriate SNAT/DNAT rules on the firewall.

Hope that helps!
--
Dr Balwinder S "bsd" Dheeman Registered Linux User: #229709
Anu's Linux@HOME Machines: #168573, 170593, 259192
Chandigarh, UT, 160062, India Distros: Ubuntu, Fedora, Knoppix
Home: http://cto.homelinux.net/~bsd/ Visit: http://counter.li.org/
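One way to express the layout in this reply as rules, added here as an example and not part of the original post: the script refuses a LAN subnet that overlaps the WAN side (the situation the question describes) and otherwise prints an `iptables-restore` ruleset with SNAT and default-deny forwarding. Interface names and addresses are constructed placeholders; DHCP and DNAT are not covered.

```shell
#!/bin/sh
# Added example. eth0/eth1 and all addresses below are constructed placeholders.

# Dotted quad -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when two ADDR/PREFIX ranges overlap: compare both addresses
# under the shorter of the two prefixes.
cidrs_overlap() {
    p1=${1#*/}; p2=${2#*/}; p=$p1
    if [ "$p2" -lt "$p" ]; then p=$p2; fi
    mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
    a=$(ip_to_int "${1%/*}"); b=$(ip_to_int "${2%/*}")
    [ $(( a & mask )) -eq $(( b & mask )) ]
}

# gen_rules WAN_IF WAN_ADDR/PREFIX LAN_IF LAN_NET/PREFIX
# Prints a ruleset; fails if the LAN subnet is not distinct from the WAN one.
gen_rules() {
    wan_if=$1; wan_cidr=$2; lan_if=$3; lan_net=$4
    if cidrs_overlap "$wan_cidr" "$lan_net"; then
        echo "LAN $lan_net overlaps WAN $wan_cidr: use a distinct LAN subnet" >&2
        return 1
    fi
    # nat: rewrite LAN sources to the router-assigned WAN address.
    # filter: drop forwarded traffic by default, allow LAN -> WAN and replies.
    # Only FORWARD is declared; INPUT rules for the firewall host are out of scope.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source ${wan_cidr%/*}
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Constructed values: WAN side 192.0.2.10/24, LAN side 10.20.30.0/24.
gen_rules eth0 192.0.2.10/24 eth1 10.20.30.0/24
```

Piping the output to `iptables-restore --test` as root parses the ruleset without loading it; forwarding also needs `net.ipv4.ip_forward=1`.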