Martyn,

Doesn't it strike you as a little weird that both interfaces are on the same
network? Which interface does it send to when it wants to ping 172.18.9.200?
Both? Or one of them, and then which one? You have two topologies going on in
the internal network: star topology on the side of the internal interface of
your linux firewall, and bus topology from the internal interface of the
firewall to the router. I just looked up your router and so I now know that
your internal network is 10BaseT. But 10BaseT doesn't work with a bus topology!
According to IEEE 802.3 10BaseT specifications, which is what your linux
firewall is going by, when you send a packet out of eth0, any of the rest of
that network, including the machines on the eth1 side of it, can hear it. So
really, if the linux firewall sends a packet only out of eth0, it's doing
nothing wrong.

The way I see it, you have two options:

1. Do the classic linux firewall thing and set up the network on eth1 to be
something like 192.168.1.0 and on eth0 to be on the 172.18.9.0 network, with
the router as your gateway, and do masq'ing from internal to external
interface. The point is that both NICs need to be on different subnets. For
this check out
http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO.html
http://www.linuxdoc.org/HOWTO/IPCHAINS-HOWTO.html
http://www.linuxdoc.org/HOWTO/Firewall-HOWTO.html

2. This is the COOLEST option: set up your linux firewall as a bridge. This
would make it a transparent firewall - a bridge that is also a firewall. Much
less chance of your firewall box itself being compromised. For this check out
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
http://www.linuxdoc.org/HOWTO/BRIDGE-STP-HOWTO/index.html

I hope that makes some sense :-)
j


--- Martyn Wendon <[EMAIL PROTECTED]> wrote:
> Hello Expert List!
> 
> If possible can anybody advise me on the following scenario:
> 
> My home network (4 pcs and a laptop of varying Windows / Linux versions)
> currently accesses the Internet via a 3Com OfficeConnect ISDN router.  The
> machines are connected to a hub, which in turn uplinks to the router.
> Currently the router has an internal IP address of 172.18.9.30 and the
> machines have IPs in the range of 172.18.9.* - On connecting to my ISP a
> dynamic IP is allocated to the external port of the router and it performs
> NAT accordingly.  The default gateway in each machine is set to the internal
> IP of the router and everything works fine.
> 
> What I'm trying to do is put a Linux box (Mandrake 7.2) as a proxy server /
> firewall in between the hub and the router to increase security and offer
> proxying facilities.  I'm fairly new to Linux (been playing with Mandrake
> for about 6 months), but have a reasonable knowledge of networking.
> 
> So far I've fitted 2 network cards in the Linux box, eth0 is 172.18.9.100
> and is connected to the router and eth1 is 172.18.9.101 and is connected to
> the hub of the internal network.  I've enabled routing in linuxconf, and the
> default gateway is set at 172.18.9.30, at this point from this Linux box I
> assumed that I would be able to a:) ping the other machines on my network
> and b:) be able to ping the router / internet.  But I can only ping the
> router and the internet, not the internal network.  I also assumed
> (wrongly?) that I'd still be able to ping the router / internet from the
> rest of the machines.  So now I'm a little stuck - too many years of plug
> and pray with Microsoft have taken their toll!
> 
> I'd appreciate any help on getting this all set up correctly, I've got a
> copy of PMFirewall and Squid - although I'm open to suggestions if there's
> anything better - but first things first I'd like to get the Linux box
> working as a simple "middle man" between the hub and router......
> 
> Many thanks,
> 
> Martyn
> 


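The two-subnet masquerading setup from option 1 in the reply above, as an added example that is not part of either message in this thread. It assumes an ipchains-era kernel (2.2, as Mandrake 7.2 shipped), eth0 toward the 3Com router at 172.18.9.30 and eth1 toward the hub, and renumbers the hub side to 192.168.1.0/24 with the Linux box as 192.168.1.1; the 192.168.1.x addresses and the `dry-run`/`apply` switches are my own choices, not anything from the thread. Before it touches the box it checks the point the reply makes: the two NICs must not sit on overlapping subnets, which is exactly the original configuration (172.18.9.100 and 172.18.9.101, both /24).

```shell
#!/bin/sh
# Added example, not from the original thread: option 1 from the reply above
# (two subnets plus masquerading) for an ipchains-era kernel. Assumptions:
# eth0 faces the 3Com router (172.18.9.30), eth1 faces the hub, and the hub
# side is renumbered to 192.168.1.0/24 with this box as 192.168.1.1.

EXT_IF=eth0; EXT_IP=172.18.9.100; EXT_MASK=255.255.255.0; GW=172.18.9.30
INT_IF=eth1; INT_IP=192.168.1.1;  INT_MASK=255.255.255.0; INT_NET=192.168.1.0/24

# run: execute a command, or only print it when DRY_RUN=1 (no root needed).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# ip_to_int: dotted quad -> 32-bit integer, POSIX sh arithmetic only.
ip_to_int() {
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# subnets_overlap IP1 MASK1 IP2 MASK2: true if either address falls inside
# the other's network. This is the mistake in the original setup: both NICs
# in 172.18.9.0/24, so the kernel has no sane way to pick between them.
subnets_overlap() {
  ip1=$(ip_to_int "$1"); m1=$(ip_to_int "$2")
  ip2=$(ip_to_int "$3"); m2=$(ip_to_int "$4")
  [ $(( ip2 & m1 )) -eq $(( ip1 & m1 )) ] || [ $(( ip1 & m2 )) -eq $(( ip2 & m2 )) ]
}

configure_masq() {
  if subnets_overlap "$EXT_IP" "$EXT_MASK" "$INT_IP" "$INT_MASK"; then
    echo "refusing: $EXT_IF ($EXT_IP) and $INT_IF ($INT_IP) overlap" >&2
    return 1
  fi
  run ifconfig "$EXT_IF" "$EXT_IP" netmask "$EXT_MASK" up
  run ifconfig "$INT_IF" "$INT_IP" netmask "$INT_MASK" up
  run route add default gw "$GW" "$EXT_IF"
  run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
  # Default-deny forwarding; masquerade only the internal net leaving eth0.
  run ipchains -P forward DENY
  run ipchains -F forward
  run ipchains -A forward -i "$EXT_IF" -s "$INT_NET" -j MASQ
  # Anti-spoofing: nothing arriving on the router side may claim an internal
  # source address; -l logs the attempt.
  run ipchains -A input -i "$EXT_IF" -s "$INT_NET" -j DENY -l
}

case "${1-}" in
  apply)   configure_masq ;;
  dry-run) DRY_RUN=1; configure_masq ;;
esac
```

`sh masq.sh dry-run` prints the commands it would issue; `sh masq.sh apply` as root executes them. The machines on the hub then need their addresses and default gateway moved to the 192.168.1.0/24 side (gateway 192.168.1.1), while the router keeps seeing a single host, 172.18.9.100, as before. On a 2.4 kernel the `ipchains ... -j MASQ` line becomes `iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE`; everything else in the script is the same.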