[KLUG Members] Network config

Adam Williams members@kalamazoolinux.org
Wed, 13 Mar 2002 09:37:00 -0500 (EST)


>I used to have two private lans (192.168.2 and 192.168.3) located in
>separate buildings with a firewall on each to the outside world. I've
>since relocated them into the same building on a common switch with
>separate VLANs. I did this because they both operate a UDP multicast
>simulation and we don't want UDP packets getting on the other subnet.
>Both firewalls are now redundant. My question is, how can I connect the
>two subnets to be transparent for sharing a firewall and
>for ssh,rlogin,etc, without allowing the UDP multicast to get through?

Add an alias on the firewall's internal interface so that it has an
interface on both networks.  "ifconfig eth0:1 blah.blah.blah.blah"
 
>Would I reconfigure the second firewall to exist on both subnets with
>IP_Forwarding? Would I need packet filtering?

If you want the subnets to communicate with each other you will need to set up
some forwarding rules  (Accept 192.168.2.0/24 -> 192.168.3.0/24, Accept
192.168.3.0/24 -> 192.168.2.0/24 on the forward chain).  Your internal
interfaces probably already accept everything on the input chain.  Since
the UDP packages are on the one subnet they shouldn't jump to the other
unless someone over there explicitly signs-onto/subscribes to the
multicast.
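
The setup described in this message, written out as an added example that is not part of the original post: the interface alias, the two forward-chain accepts, and an explicit multicast drop placed ahead of them. It assumes iptables (not ipchains), eth0 as the inside interface and 192.168.3.1 as the alias address; none of these are given in the thread.

```shell
#!/bin/sh
# Added example. Prints the commands for review; set APPLY=1 (as root) to run them.
# Assumed values, not from the original post: iptables, eth0, 192.168.3.1.
IF=eth0
NET_A=192.168.2.0/24
NET_B=192.168.3.0/24
FW_B=192.168.3.1      # alias address on the second subnet (assumed)
MCAST=224.0.0.0/4     # every IPv4 multicast destination

emit_rules() {
    # Second address on the same inside interface, as the reply suggests.
    echo "ifconfig $IF:1 $FW_B netmask 255.255.255.0 up"
    # Let the kernel route between the two subnets.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Linux does not forward multicast without a multicast routing daemon;
    # this rule makes that explicit and comes first so that any broader
    # ACCEPT added later cannot pass it.
    echo "iptables -A FORWARD -d $MCAST -j DROP"
    # Unicast between the subnets, both directions. iptables matches the
    # physical name (eth0), not the alias (eth0:1).
    echo "iptables -A FORWARD -i $IF -o $IF -s $NET_A -d $NET_B -j ACCEPT"
    echo "iptables -A FORWARD -i $IF -o $IF -s $NET_B -d $NET_A -j ACCEPT"
}

# Reads rule text on stdin. Returns 0 only if a FORWARD drop for $MCAST
# exists and appears before the first FORWARD accept.
drop_precedes_accept() {
    awk -v m="$MCAST" '
        /-A FORWARD/ && /-j DROP/ && index($0, "-d " m) { if (!drop) drop = NR }
        /-A FORWARD/ && /-j ACCEPT/ { if (!acc) acc = NR }
        END { exit !(drop && (!acc || drop < acc)) }'
}

if [ "${APPLY:-0}" = 1 ]; then
    emit_rules | drop_precedes_accept && emit_rules | sh -e
else
    emit_rules
fi
```
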