This is kind of an odd request so I've got the asbestos undies on. I have a client who currently has a layer 3 switch plugged into a Cisco PIX. Routing is handled via RIP and now the client wants to insert a Linux box running Shorewall behind the PIX and in front of the switch to act as a content filter + backup firewall. The immediate problem I foresee happening is that RIP broadcasts to the PIX are going to be blocked by the Shorewall box. Is there an easy way to avoid this from happening? Is this kind of configuration completely insane?
Gary Buckmaster wrote:
> This is kind of an odd request so I've got the asbestos undies on. I
> have a client who currently has a layer 3 switch plugged into a Cisco
> PIX. Routing is handled via RIP and now the client wants to insert a
> Linux box running Shorewall behind the PIX and in front of the switch
> to act as a content filter + backup firewall. The immediate problem I
> foresee happening is that RIP broadcasts to the PIX are going to be
> blocked by the Shorewall box. Is there an easy way to avoid this from
> happening? Is this kind of configuration completely insane?

You'd want to configure the Shorewall box as a bridge so that it can pass broadcasts.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Gary Buckmaster wrote:
>
>> This is kind of an odd request so I've got the asbestos undies on. I
>> have a client who currently has a layer 3 switch plugged into a Cisco
>> PIX. Routing is handled via RIP and now the client wants to insert a
>> Linux box running Shorewall behind the PIX and in front of the switch
>> to act as a content filter + backup firewall. The immediate problem I
>> foresee happening is that RIP broadcasts to the PIX are going to be
>> blocked by the Shorewall box. Is there an easy way to avoid this from
>> happening? Is this kind of configuration completely insane?
>
> You'd want to configure the Shorewall box as a bridge so that it can
> pass broadcasts.
>

Or run a routing daemon on the Shorewall box...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> Tom Eastep wrote:
>
>> Gary Buckmaster wrote:
>>
>>> This is kind of an odd request so I've got the asbestos undies on. I
>>> have a client who currently has a layer 3 switch plugged into a Cisco
>>> PIX. Routing is handled via RIP and now the client wants to insert a
>>> Linux box running Shorewall behind the PIX and in front of the switch
>>> to act as a content filter + backup firewall. The immediate problem I
>>> foresee happening is that RIP broadcasts to the PIX are going to be
>>> blocked by the Shorewall box. Is there an easy way to avoid this from
>>> happening? Is this kind of configuration completely insane?
>>
>> You'd want to configure the Shorewall box as a bridge so that it can
>> pass broadcasts.
>>
>
> Or run a routing daemon on the Shorewall box...
>
> -Tom

If it's any help: there's a good chance it's running RIP version 2; if so, it's using a Class D multicast address, 224.0.0. I think it may be 5. If so, maybe just route it straight through.

Richard