[KLUG Members] Multiple networks on a single switch?

Bob Kanaley members@kalamazoolinux.org
Mon, 3 Mar 2003 17:11:31 -0500


Greetings,

I want to update my trusty but dated LRP/LEAP firewall distribution to
support modem bonding with two external dial-up modems (I can't get DSL or
ISDN; my ISP supports dual 56K dialup for $40/month and I have an unused
phone line). Apparently to get this feature in PPPd, I must patch the kernel
and run a patched version of my current PPPd, or I need to update the kernel
and use a newer PPPd.

Rather than mess around with the distro I am using, I am looking at some of
the newer LEAP distros, some of which come with Shorewall. I was reading
the Shorewall docs for a three interface configuration (PPP, DMZ, LOC). The
Shorewall docs said "Do not connect more than one interface to the same hub
or switch (even for testing). It won't work the way you expect it to and you
will end up confused and believing that Shorewall doesn't work at all."

Now, I can understand why putting two interfaces on a hub would cause many
problems (hubs basically repeat anything coming in on one port out to all
the rest of the ports). But I don't understand why I couldn't use a single
48 port switch connected to two interfaces on different networks (DMZ and
LOC). I would think that the switch routing table should be smart enough to
know which ports belong to which network and only push network broadcasts
out to the appropriate ports.

Am I attributing too much intelligence to the switch?

I don't see how the problem could be with Shorewall since the router decides
which packets go to which ports.

Before I get myself in a real mess, could someone please enlighten me as to
why I couldn't or shouldn't use a single switch connected to two interfaces
on a Shorewall three interface firewall?

Bob

Robert V. Kanaley
Manager Information Systems
Agdia, Inc.
rvk@agdia.com
http://www.agdia.com
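The behaviour the question is really about (whether a switch "knows" which ports belong to which IP network) can be shown with a small simulation. This is an added example, not part of the original post or of Shorewall: a constructed learning switch that forwards on MAC address and VLAN only, with a made-up topology of a firewall DMZ NIC (port 1), firewall LOC NIC (port 2), a DMZ server (port 3) and a LOC workstation (port 4). An unmanaged switch has every port in one VLAN, so a broadcast ARP from the DMZ side floods to the LOC side too; a VLAN-aware switch with ports assigned to separate VLANs confines it.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Switch:
    """Layer-2 learning switch. It never looks at IP headers or subnets."""
    port_vlan: dict                                # port number -> VLAN id
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> port

    def forward(self, in_port, src_mac, dst_mac):
        """Return the sorted list of ports a frame egresses on."""
        vlan = self.port_vlan[in_port]
        # learn where the sender lives, within its VLAN
        self.mac_table[(vlan, src_mac)] = in_port
        known = self.mac_table.get((vlan, dst_mac))
        if dst_mac != BROADCAST and known is not None:
            return [known]
        # broadcast or unknown unicast: flood every other port in the same VLAN
        return sorted(p for p, v in self.port_vlan.items()
                      if v == vlan and p != in_port)

# Constructed MAC addresses for the four hosts in the example topology.
FW_DMZ_NIC = "02:00:00:00:00:01"   # firewall interface facing the DMZ, port 1
FW_LOC_NIC = "02:00:00:00:00:02"   # firewall interface facing the LAN, port 2
DMZ_SERVER = "02:00:00:00:00:03"   # port 3
LOC_PC     = "02:00:00:00:00:04"   # port 4

def unmanaged_switch():
    # every port shares one broadcast domain, as on a plain 48-port switch
    return Switch({1: 1, 2: 1, 3: 1, 4: 1})

def vlan_switch():
    # DMZ ports in VLAN 10, LAN ports in VLAN 20
    return Switch({1: 10, 3: 10, 2: 20, 4: 20})

def dmz_arp_reach(switch):
    """Ports that see an ARP request broadcast by the DMZ server."""
    return switch.forward(3, DMZ_SERVER, BROADCAST)

if __name__ == "__main__":
    print("unmanaged:", dmz_arp_reach(unmanaged_switch()))   # [1, 2, 4]
    print("vlan:     ", dmz_arp_reach(vlan_switch()))        # [1]
```

On the unmanaged switch the firewall's LOC interface and the LOC workstation both receive DMZ broadcasts, and a Linux host by default answers ARP requests for any of its addresses on whichever interface the request arrives, so a host may learn the "wrong" firewall MAC; that is the confusion the Shorewall documentation is warning about, and a VLAN-capable switch (or two physical switches) avoids it.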