Re: Asymmetrically routing through transparent fw (bridge)

Subject: Re: Asymmetrically routing through transparent fw bridge
From: Wolfgang Kohnen
Date: Wed, 11 May 2005 17:13:56 +0200
Newsgroups: comp.os.linux.networking
Philippe WEILL wrote:

> if you want to do something like this, it doesn't work
>
>          |------------|
> ---------|   Cisco    |
>          |------------|
>            | |   | | |
>          |- ---| Workstations
>          | FWB |
>          |-----|
> could you explain with ASCII art what you need?


It's more like this:

-------
|cisco|-----> metropolitan area net
-------
 |                                              ----------------
 |                 (----------------------------| other switch |
 |                 |                            ----------------
---------        ------      ----------             |||||||| |
|  FWB  |------> | FW |------| switch |           third network
---------        ------      ----------                      |
 |                             ||||||                        |
 |                             ||||||                      ------
 |                            second network               | FW |
 |                                                         ------
----------
| switch |
----------
  ||||||
  ||||||
first network

The interesting part is in the left column:  the cisco router,  the
bridging firewall (FWB) and the connected "first network".  What I need
is that the first network has a default gateway different from the second
and third networks (which go to a different off-site uplink).  But I want
to route packets between these three networks.  Cisco's IP is
10.121.64.1 and I would like to give the IP 10.121.64.15 (same logical
network, hence the bridging firewall) and default gateway 10.121.64.1 to
the FWB and then give a default gateway of 10.121.64.15 to the clients
in the first network.

Maybe it was misleading, that I wrote:

>> But
>> packages going the other way round will arrive from the internet (or
>> other off-site networks) at the cisco router and then they will be sent
>> from the cisco router directly to the client i.e. transparently through
>> the bridge.

The FWB is between the first network and the cisco router, of course.
If I didn't miss something important, the packets will all pass the FWB
from all directions: from cisco to first network, from first network to
cisco and to/from second network to the first network.

But there is still an asymmetry on the FWB:  Cisco thinks it sends to the
network directly and it passes the FWB, and the clients in that network
think the FWB is a router and the Cisco doesn't exist.  My question is
theoretical: "How does this asymmetry appear at the FWB? (routing table /
INPUT / FORWARD / OUTPUT)", or my question is pragmatic:

>> 2.) How can I handle connections going through this transparent
>> firewall?  Am I able to statefully inspect connections easily here!?

I have no clue.  Maybe Linux can't do this at all, or there is just
no problem, or... I don't know.
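As an added illustration of the layout in the post above (this is not the original poster's configuration and nothing from the thread beyond the two addresses), here is a sketch of how a Linux FWB could be set up so that both directions of the asymmetry meet in one conntrack table: the bridge device br0 owns 10.121.64.15 with a default route via 10.121.64.1, so client traffic sent to the FWB's MAC is routed back out of br0 towards the Cisco (iptables FORWARD, in br0 / out br0), while frames the Cisco sends straight to a client's MAC are bridged and, with bridge-nf-call-iptables enabled, also traverse iptables FORWARD. The port names eth0/eth1, the /24 prefix and the dry-run wrapper are assumptions of this example.

```shell
#!/bin/sh
# Added example for the layout in the post above; not the original poster's
# configuration. Assumptions not in the thread: eth0 is the bridge port towards
# the Cisco, eth1 the port towards the first-network switch, the subnet is a /24.
set -eu

CISCO_IP=10.121.64.1    # from the thread: the Cisco's address
FWB_IP=10.121.64.15     # from the thread: address the FWB gets on the bridge
PREFIX=24               # assumption
UPLINK_IF=eth0          # assumption: bridge port facing the Cisco
LAN_IF=eth1             # assumption: bridge port facing the first network
BR=br0

# Commands are printed, not executed, unless the script is started with --apply,
# so the resulting configuration can be reviewed before it touches a live box.
DRY_RUN=1
if [ "${1:-}" = "--apply" ]; then DRY_RUN=0; fi

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Layer 2: both ports join one bridge; the bridge device itself carries the
# gateway address that first-network clients point their default route at.
build_bridge() {
    run brctl addbr "$BR"
    run brctl addif "$BR" "$UPLINK_IF"
    run brctl addif "$BR" "$LAN_IF"
    run ip link set "$UPLINK_IF" up
    run ip link set "$LAN_IF" up
    run ip link set "$BR" up
    run ip addr add "$FWB_IP/$PREFIX" dev "$BR"
    run ip route add default via "$CISCO_IP" dev "$BR"
}

# Kernel knobs that make the two asymmetric paths meet in one place:
#  - client -> FWB MAC -> Cisco is *routed*: in br0, out br0, through FORWARD.
#  - Cisco -> client MAC is *bridged*: with bridge-nf-call-iptables=1 the frame
#    still traverses iptables FORWARD (also seen as -i br0 -o br0).
#  Both directions therefore update the same conntrack table.
tune_kernel() {
    run sysctl -w net.ipv4.ip_forward=1
    # Routing a packet back out of the interface it came in on normally makes
    # the kernel send an ICMP redirect telling the client to talk to the Cisco
    # directly, which would bypass the FWB for that flow; turn that off.
    run sysctl -w net.ipv4.conf.all.send_redirects=0
    run sysctl -w "net.ipv4.conf.$BR.send_redirects=0"
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
}

firewall_rules() {
    run iptables -F FORWARD
    run iptables -P FORWARD DROP
    # Replies on either path match here because conntrack saw the first packet.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New flows may originate from the first network; --physdev-in names the
    # bridge port and matches routed as well as bridged packets.
    run iptables -A FORWARD -m physdev --physdev-in "$LAN_IF" \
        -m state --state NEW -j ACCEPT
    # New flows arriving from the Cisco side are logged and then fall through
    # to the DROP policy.
    run iptables -A FORWARD -m physdev --physdev-in "$UPLINK_IF" \
        -m state --state NEW -j LOG --log-prefix "FWB-DROP: "
}

# Whole configuration in order; in dry-run mode this is the reviewable output.
fwb_config() {
    build_bridge
    tune_kernel
    firewall_rules
}

fwb_config
```

Run it without arguments to print the command list; `--apply` executes it and needs root, bridge-utils and a kernel with bridge-netfilter support.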
