LARTC - May 2002 - How to make Linux server transparent to internal machines?

Hello:

I have a block of static IP addresses on which I want to run
several Windows machines.

Since I want to have a firewall, I was thinking of using 1 IP
address for a linux server that will act as a firewall for
the entire setup.

So, here is a diagram:

  [Internet] -- [Linux Server] -- switch -- [Internal machines]

The linux server and the internal machines all have static
IP addresses which are public to the Internet.

How can I set-up routing so the Linux server is "transparent"
to the other machines?

Thanks,
	Neil.

--
Neil Aggarwal
JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
Custom Internet Development    Websites, Ecommerce, Java, databases

what you want to do is setup a bridgeing firewall
http://bridge.sourceforge.net/
----- Original Message ----- 
From: "Neil Aggarwal" <neil@JAMMConsulting.com>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, May 31, 2002 2:55 PM
Subject: [LARTC] How to make Linux server transparent to internal machines?

> Hello:
> 
> I have a block of static IP addresses on which I want to run
> several Windows machines.
> 
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
> 
> So, here is a diagram:
> 
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
> 
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
> 
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
> 
> Thanks,
> Neil.
> 
> --
> Neil Aggarwal
> JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet Development    Websites, Ecommerce, Java, databases
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
>

On Friday 31 May 2002 23:55, Neil Aggarwal wrote:
> Hello:
>
> I have a block of static IP addresses on which I want to run
> several Windows machines.
>
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
>
> So, here is a diagram:
>
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
>
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
>
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
You can play with the routing on the Linux server.  The default gw of the 
linux server points to the internet, but for each internal machine, you add 
an extra route to the right NIC.  The internal machines have the ip-address 
of the LInux server as default gw.  You can even give both NIC''s of the
Linux-server the same ip-address so you don''t losse one.  

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

Excellent articles in there...

You can also set-up a Proxy-ARP firewall. This is basically a router but there
is no
need to set up/modify a gateway setting in the internal machines, all traffic
passes
through the router transparently (as in the bridge, but now switching is done at
IP
level -- i.e. "true" routing).

The pros: it''s easier to set-up than the bridge code. there''s
no need to patch
kernel code and/or commandline tools

The cons: slightly lower throughput, slightly lower security... but easier ;-)

José Carlos
JoseCarlos.Ramirez@isotrol.com

---- Mensaje original ----
De:		Chris K Ellsworth
Fecha:		Sat 6/1/02 0:02
Para:		lartc@mailman.ds9a.nl
Asunto:	Re: [LARTC] How to make Linux server transparent to internal machines?

what you want to do is setup a bridgeing firewall
http://bridge.sourceforge.net/

----- Original Message ----- 
From: "Neil Aggarwal" <neil@JAMMConsulting.com>
To: <lartc@mailman.ds9a.nl>
Sent: Friday, May 31, 2002 2:55 PM
Subject: [LARTC] How to make Linux server transparent to internal machines?

> Hello:
> 
> I have a block of static IP addresses on which I want to run
> several Windows machines.
> 
> Since I want to have a firewall, I was thinking of using 1 IP
> address for a linux server that will act as a firewall for
> the entire setup.
> 
> So, here is a diagram:
> 
>   [Internet] -- [Linux Server] -- switch -- [Internal machines]
> 
> The linux server and the internal machines all have static
> IP addresses which are public to the Internet.
> 
> How can I set-up routing so the Linux server is "transparent"
> to the other machines?
> 
> Thanks,
> Neil.
> 
> --
> Neil Aggarwal
> JAMM Consulting, Inc.    (972) 612-6056, http://www.JAMMConsulting.com
> Custom Internet Development    Websites, Ecommerce, Java, databases
> 
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> 
> 

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> The pros: it''s easier to set-up than the bridge code.
there''s
> no need to patch 
> kernel code and/or commandline tools
> 
> The cons: slightly lower throughput, slightly lower 
> security... but easier ;-)
I''d like to know why you think using proxy-arp is lower security than
bridging ...
-- 
Michael T. Babcock
CTO, FibreSpeed Ltd.