I have configuration like this eth0 is my externel interface with IP adress 217.24.20.xx my eth1 is in local lan as ip 192.168.0.100 and i have masq running for my 192.168.0.0/24 now i have two other networks with ips connected to main switch as 192.168.1.0/24 and other 192.168.2.0/24 all subnet mask are 255.255.255.0 I readed a documentation but only thing i could find is this # You want all outgoing traffic from 192.168.1.0/24 through # eth0 to use source address 206.124.146.176 which is NOT the # primary address of eth0. You want 206.124.146.176 added to # be added to eth0 with name eth0:0. # # eth0:0 192.168.1.0/24 206.124.146.176 but in my ifconfig i do not see virtual device. Is there any other way to solve this ? can i put some other ip for my gateway, public my 217.24.20.xx? Thank you very much.
I have configuration like this eth0 is my externel interface with IP adress 217.24.20.xx my eth1 is in local lan as ip 192.168.0.100 and i have masq running for my 192.168.0.0/24 now i have two other networks with ips connected to main switch as 192.168.1.0/24 and other 192.168.2.0/24 all subnet mask are 255.255.255.0 I readed a documentation but only thing i could find is this # You want all outgoing traffic from 192.168.1.0/24 through # eth0 to use source address 206.124.146.176 which is NOT the # primary address of eth0. You want 206.124.146.176 added to # be added to eth0 with name eth0:0. # # eth0:0 192.168.1.0/24 206.124.146.176 but in my ifconfig i do not see virtual device. Is there any other way to solve this ? can i put some other ip for my gateway, public my 217.24.20.xx? Thank you very much.
Tanovic Branko wrote:> I have configuration like this > > eth0 is my externel interface with IP adress 217.24.20.xx > > my eth1 is in local lan as ip 192.168.0.100 > and i have masq running for my 192.168.0.0/24 > > now i have two other networks with ips connected to main switch as > 192.168.1.0/24 > and other 192.168.2.0/24 > all subnet mask are 255.255.255.0This topic is covered in depth at http://shorewall.net/Multiple_Zones.html -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net
Tom Eastep wrote:> Tanovic Branko wrote: > >> I have configuration like this >> >> eth0 is my externel interface with IP adress 217.24.20.xx >> >> my eth1 is in local lan as ip 192.168.0.100 >> and i have masq running for my 192.168.0.0/24 >> >> now i have two other networks with ips connected to main switch as >> 192.168.1.0/24 >> and other 192.168.2.0/24 >> all subnet mask are 255.255.255.0 > > This topic is covered in depth at > http://shorewall.net/Multiple_Zones.html > > -TomThx Tom for post I found this on http://shorewall.net/Shorewall_and_Aliased_Interfaces.html *Example 5. Local interface eth1 interfaces to 192.168.1.0/24 and 192.168.20.0/24. The primary IP address of eth1 is 192.168.1.254 and eth1:0 is 192.168.20.254. You simply want your firewall to route between these two subnetworks.* Can be this done without virtual interfaces eth1:0 ..?
Tanovic Branko wrote:> Tom Eastep wrote: > >> Tanovic Branko wrote: >> >>> I have configuration like this >>> >>> eth0 is my externel interface with IP adress 217.24.20.xx >>> >>> my eth1 is in local lan as ip 192.168.0.100 >>> and i have masq running for my 192.168.0.0/24 >>> >>> now i have two other networks with ips connected to main switch as >>> 192.168.1.0/24 >>> and other 192.168.2.0/24 >>> all subnet mask are 255.255.255.0 >> >> >> This topic is covered in depth at >> http://shorewall.net/Multiple_Zones.html >> >> -Tom > > > > Thx Tom for post > I found this on > http://shorewall.net/Shorewall_and_Aliased_Interfaces.html > > *Example 5. Local interface eth1 interfaces to 192.168.1.0/24 and > 192.168.20.0/24. The primary IP address of eth1 is 192.168.1.254 and > eth1:0 is 192.168.20.254. You simply want your firewall to route between > these two subnetworks.* > > Can be this done without virtual interfaces eth1:0 ..?If there are routers in the 192.168.1.0/24 network that route to the other networks then Yes -- otherwise, No. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net