RE: Forced Routing?

In my opinion there is just one solution for this problem: ppp over ethernet.

Serge Maandag.

-----Original Message-----
From: Chris Knipe [mailto:cgknipe@mweb.co.za]
Sent: Saturday 5 August 2000 7:04
To: linux-net@vger.rutgers.edu
Subject: Forced Routing?


Hi...

I just have a simple question quickly....  (or I hope it will be)...

Technically, as I understand it, specifying a default gateway (or a gateway at all) for TCP/IP routing information is irrelevant *IF* the IP addresses are located on the same subnet??  Simple scenario...

PC1  <----->  PC2

Both are on the same network, 192.168.1.0/255.255.255.224

Now, in other words, PC1 and 2 will know of each other only via ARP cache, and thus, will know that they are directly reachable, and thus not use any gateway information specified in a routing table?  Well, I might be right, I might be wrong about this, but the question I have, is a bit more complicated...

Say for example, I have a bunch of PCs, all on the same network, all routing via one machine (default gateway)...  The network can possibly look something like this... (192.168.1.0/255.255.255.224)

PC1   PC2   PC3   PC4
  \        |          |         /
   \       |          |        /
    ------------------
                |
        GATEWAY

The question is simply, how can I firewall PC1, 2, 3 and 4 from EACH OTHER, without subnetting them all.  If I subnet it, it firstly would mean that my firewall machine would need hundreds of network cards (which is physically impossible - seeing in practice, I'm literally talking 100+ computers in this farm)....  Secondly, data from PC1 directed to PC2 WILL NOT be routed by the FIREWALL machine, but will only be broadcasted back to the destination, because of the features and workings of UTP HUBs, and TCP/IP routing....

So how do I get my gateway machine (firewall) to protect the entire server farm from the outside world (this is fairly simple, I just stick a second NIC in it and set the firewall up), but also have the gateway protect the machines from each other INSIDE the firewall?

Why do I want to do this?  We plan on setting up a server farm where our customers will be able to rent dedicated servers from us for their own personal use.  Due to the security involved, we need to have all the servers in the same server farm, as well as have firewall protection for every machine in the farm from each other.  The firewall rules are not that important at the moment, because of the fact that the farm will more than likely all be protected by the same rules; as I stated however, the problem lies in the manner in which we can go about implementing these rules INTERNALLY between the servers in the farm.

As far as I know, it is impossible to do.  UTP Hubs broadcast all the information received on a port, to all the other ports connected to the same hub.  Therefore, all the machines on the same hub will receive the information.  On the other hand, there are a few places doing things like this already, which means that technically, it MUST be possible...

Can one way of doing this perhaps be in the configuration and layout of the physical network (hubs, switches, and cables), perhaps in something like the following scenario....

SERVER  SERVER   SERVER
      |                 |                |
  HUB          HUB         HUB
     |                 |                 |
     ------------------------
                      |
               SWITCH
                      |
             GATEWAY

Or will this scenario also allow communications to take place between the servers without their data being checked and firewalled by the gateway firewall?

ANY help will be greatly appreciated, and I look forward to your replies.

Regards,
 Chris Knipe
Cell: (083) 430-8151

Natural ability has more often attained to glory and virtue, than education without natural ability at all.
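The core of the question is the sending host's route lookup: on a flat /27, a peer in the same subnet matches the connected route, so the host ARPs for the peer directly and the gateway firewall never sees the packet; on a point-to-point link (the PPP-over-Ethernet suggestion in the reply), the only on-link address is the concentrator, so every packet passes it. The following is an added illustration written for this page, not code from the list post; the gateway address 192.168.1.1 and the interface names are assumed.

```python
import ipaddress

GATEWAY = "192.168.1.1"        # assumed address of the firewall/gateway box
FARM_NET = "192.168.1.0/27"    # 192.168.1.0/255.255.255.224 from the post


def lookup(routes, dst):
    """Longest-prefix-match route lookup, as a host's IP stack does it.
    routes: list of (network, next_hop_or_None, interface)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in routes:
        net = ipaddress.ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    if best is None:
        raise ValueError(f"no route to {dst}")
    return best


def next_hop(routes, dst):
    """Address the host will ARP/send to: the destination itself when the
    matching route is on-link (connected), otherwise the route's gateway."""
    _net, via, _dev = lookup(routes, dst)
    return via if via is not None else str(ipaddress.ip_address(dst))


def passes_firewall(routes, dst):
    """True only when the packet is handed to the gateway for forwarding."""
    return next_hop(routes, dst) == GATEWAY


# Constructed routing table for a server on the flat hub/switch segment in the
# post: the /27 is a connected route, plus a default route via the gateway.
FLAT_ROUTES = [
    (FARM_NET, None, "eth0"),
    ("0.0.0.0/0", GATEWAY, "eth0"),
]

# Constructed routing table for the PPP-over-Ethernet alternative: no connected
# /27 at all, only the peer (concentrator/firewall) is on-link.
PPP_ROUTES = [
    (GATEWAY + "/32", None, "ppp0"),
    ("0.0.0.0/0", GATEWAY, "ppp0"),
]

if __name__ == "__main__":
    for name, routes in (("flat /27", FLAT_ROUTES), ("ppp link", PPP_ROUTES)):
        for dst in ("192.168.1.5", "10.0.0.9"):
            print(f"{name}: -> {dst} via {next_hop(routes, dst)}, "
                  f"firewall sees it: {passes_firewall(routes, dst)}")
```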


-
: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu

