O.k.,

If 64.240.90.225 is the address of your router then:

0. Flush all ipchains lists to make sure it isn't bothering you.
1. Kill all routes (route del...).
2. Give your Linux machine 2 addresses within the range
   64.240.90.226 - 64.240.90.238.
3. Activate proxy-arp on the Linux machine on both interfaces. Probably:

     echo 1 >/proc/sys/net/ipv4/conf/eth0/proxy_arp
     echo 1 >/proc/sys/net/ipv4/conf/eth1/proxy_arp

4. Add the following routes:

     route add -net 64.240.90.224 netmask 255.255.255.240 gw <ip-eth0>
     route add -net 64.240.90.224 netmask 255.255.255.240 gw <ip-eth1>
     route add -net 0.0.0.0 netmask 0.0.0.0 gw 64.240.90.225

5. Test!

All written without looking at them manuals, so there might be a typo.

Serge.

-----Original Message-----
From: Vinay Kudithipudi [mailto:vinay@inlightnet.net]
Sent: donderdag 3 augustus 2000 20:31
To: linux-net@vger.rutgers.edu
Cc: Serge Maandag
Subject: Re[2]: Network Routing Configuration

Hello Serge,

Thanks for the feedback.... I think u got me a bit wrong here or I
didn't make my point clear. I am planning to use this machine as a
firewall. I figured that I had to use public ip addresses for both the
cards since I have some machines on my lan which use public ip
addresses. We have a T1 router through which we have internet access. I
want to connect this pc right after the router and the rest of the lan
is connected to this pc. As I said, I am fairly new to Linux and I would
like to install a firewall for my lan. Please give me ur suggestions.

Thank u.

Thursday, August 03, 2000, 7:25:22 AM, you wrote:

SM> ?? this isn't what you want alright :)
SM>
SM> If your lan is connected to eth1:
SM>
SM> First of all: a router can only route between two different subnets and
SM> the IP ranges you gave to the router (64.240.90.230 and 64.240.90.231)
SM> are in the same subnet. That can only if you make it proxy-arp
SM>
SM> Secondly: you told your router that 64.240.90.224/28 is connected to
SM> eth0 and eth1, there can be only one, neo!
SM> remove the entry for eth1.
SM>
SM> Thirdly: you have 2 default-routes, one to eth0 and one to eth1. Both
SM> are pointing at 64.240.90.225, which resides in the lan-subnet.
SM>
SM> I think you need to study ip-address assigning and subnetting a bit. If
SM> even then you can't figure it out, add more info, what is the isp's
SM> gateway address, what addresses do you want where..
SM>
SM> Serge.
SM>
SM> -----Original Message-----
SM> From: Vinay Kudithipudi [mailto:vinay@inlightnet.net]
SM> Sent: donderdag 3 augustus 2000 17:01
SM> To: linux-net@vger.rutgers.edu
SM> Subject: Network Routing Configuration
SM>
SM> Hello Guys,
SM>
SM> Thanks for the great feedback on firewalls. I have a question
SM> about routing tables. I have two network cards in the comp that I am
SM> planning to use as a firewall. Both of them have public ip addresses.
SM> One card is going to be connected to the router and another to the
SM> lan. How should I write the routing table so that all the traffic is
SM> passed on from the card attached to the lan. My routing table at
SM> present is
SM>
SM> Kernel IP routing table
SM> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
SM> 64.240.90.231   *               255.255.255.255 UH    0      0   0   eth1
SM> 64.240.90.230   *               255.255.255.255 UH    0      0   0   eth0
SM> 64.240.90.224   *               255.255.255.240 U     0      0   0   eth0
SM> 64.240.90.224   *               255.255.255.240 U     0      0   0   eth1
SM> 127.0.0.0       *               255.0.0.0       U     0      0   0   lo
SM> default         64.240.90.225   0.0.0.0         UG    0      0   0   eth1
SM> default         64.240.90.225   0.0.0.0         UG    0      0   0   eth0

--
Best regards,
 Vinay                            mailto:vinay@inlightnet.net

- : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu
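
Added example, not part of the original thread: a small check that reads `route` output and reports the two faults pointed out in the quoted reply, the same network attached to two interfaces and more than one default route. The function name check_routes and the finding labels are hypothetical; the sample input is the routing table from the first post with the wrapped Iface column rejoined.

```shell
#!/bin/sh
# Added example (not from the thread): flag the two routing-table faults
# named in the quoted reply. check_routes and its labels are hypothetical.

# Constructed input: the table from the first post, Iface column rejoined.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
64.240.90.231   *               255.255.255.255 UH    0      0   0   eth1
64.240.90.230   *               255.255.255.255 UH    0      0   0   eth0
64.240.90.224   *               255.255.255.240 U     0      0   0   eth0
64.240.90.224   *               255.255.255.240 U     0      0   0   eth1
127.0.0.0       *               255.0.0.0       U     0      0   0   lo
default         64.240.90.225   0.0.0.0         UG    0      0   0   eth1
default         64.240.90.225   0.0.0.0         UG    0      0   0   eth0'

# Reads `route` (or `route -n`) output on stdin; prints one finding per line.
check_routes() {
    awk '
    NF == 8 && $1 != "Destination" {
        key = $1 "/" $3                       # destination/netmask
        if ($1 == "default" || key == "0.0.0.0/0.0.0.0") isdef[key] = 1
        if (!(key in ifaces)) {               # first time this route is seen
            order[++n] = key
            ifaces[key] = $8
        } else if (index(" " ifaces[key] " ", " " $8 " ") == 0) {
            ifaces[key] = ifaces[key] " " $8  # same route, another interface
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if (split(ifaces[k], parts, " ") < 2) continue
            if (k in isdef) { print "MULTIPLE_DEFAULT " ifaces[k] }
            else { print "DUPLICATE_NET " k " " ifaces[k] }
        }
    }'
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_TABLE" | check_routes
```

On a live machine the same function can be fed with `route -n | check_routes`; an empty result means neither fault is present.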