Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

2 NIC machine questions (for internal firewall)

Status
Not open for further replies.
SgtB

SgtB

IS-IT--Management
Oct 3, 2002
447
US
Here's the situation (I'll try ot be brief). I'd like to set up an internal firewall right before our WAN router. Here's the catch. Both NICs will have IP's sitting on the same network. Let me draw this out. It may help.

[WAN]-><-[Router-10.10.10.1]-><-[Ext interface on FW-10.10.10.2]<IP Forwarding enabled>[Internal Interface on FW-10.10.10.3]-><-[LAN-10.10.10.x]

Is this situation possible? I'd like to have all WAN traffic filtered by the firewall. All inbound WAN traffic hits the router, gets passed to the firewall. Firewall filters, then if accepted, passed on to the LAN. Same goes for outbound traffic from LAN to WAN.

Changing IP's on the router or LAN is not an option. Access-lists on the Router are not an option either. I was thinking of using an open source *nix OS since cost is an issue.

Any ideas?
Thanks for any replies!
 
Sort by date Sort by votes
What do you mean by same network? Both nics plugged into the same hub? Sure that'll work. The interfaces/NICs will just discard packets not on their subnet (little extra load though).

Just use a /24 or class C netmask on the subnets eg 10.10.10.1 255.255.255.0

-Jeff
----------------------------------------
Wassabi Pop Tarts! Write Kellogs today!
 
Upvote 0 Downvote
jgercken,

Thanks for the reply. Maybe I didn't explain my situation properly.
One interface will sit on hub connected to the LAN and the other interface will sit on a different hub that's connected to the router's ethernet only.
I used the term &quot;same network&quot; to show that both interfaces on the firewall will have a 10.10.10.x IP, and that the LAN and router (both sides of the FW) are also on the 10.10.10.x scheme.

I hope this clarifies things a little better.
 
Upvote 0 Downvote
Here's a diagram of what I'm talking about.
Hope this helps.

setup.jpg
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CryptoTuke
  • Locked
  • Question
Maximum buffer size on Winsock for sending one block of data over TCP / IP
Replies
1
Views
758
maybeimaleo
maybeimaleo
Wajdi Zghal
  • Locked
  • Question
Sipp between 2 VM
Replies
0
Views
493
Wajdi Zghal
Wajdi Zghal
joserodriguezan
  • Locked
  • Question
Looking for a free software application to recieve SMNP alerts.
Replies
0
Views
498
joserodriguezan
joserodriguezan
etrusks
  • Locked
  • Question
Communicating between 2 users whos ip addresses might change 1
Replies
6
Views
183
etrusks
etrusks
Tony D
  • Locked
  • Question
NAT Port Forwarding
Replies
0
Views
502
Tony D
Tony D

Part and Inventory Search

Sponsor

Back
Top