Matthew Singerman wrote: > Hi Ed, > > They are, yes - this should be possible, right? I am trying to firewall > off part of our network from the rest of the network and the outside > world. We have several servers with public IP addresses that are static > (they are servers). I would like for this Linux server to sit between > their outside connection to the world and the switch that all the > servers are plugged into, and act as a gateway and a firewall. It can be done....but not without additional changes on your end. 1. Assuming eth0 is the Internet facing interface you need to change its IP address as well as its netmask. IPADDR=141.161.111.1 NETMASK=255.255.255.252 BROADCAST=141.161.111.3 2. The router interface of the router at 141.161.185.38 needs to be changed as well. Its IP address needs to be 141.161.111.2 with the same broadcast and netmask settings. 3. A routing table entry needs to be made in 141.161.185.38 to tell it that all traffic for 141.161.111.0/24 (255.255.255.0) needs to be routed to 141.161.111.1. 4. You need a second switch. Only the router and eth0 are plugged into one switch. eth1 and the other systems in the 141.161.111.0/24 are plugged into the other switch. 5. eth1 could stay as it is. That is 141.161.111.242/24. 6. The default gateway on 141.161.111.1 needs to be set to 141.161.111.2 7. The default gateway on the other 141.161.111.0 systems need to be changed to 141.161.111.1. Ed -- Life is a game of bridge -- and you've just been finessed.
