Hi, I know that it is possible and acceptable to "share wire" between two subnets - particularly if you are switched. I can see that what you have set up would "work". However, I see a couple of problems with your configuration: 1) You will have machines on the "E3" subnet with IP addresses that are not supposed to be on the public internet - for example 192.168.1.15 (or whatever you decided to number your "private" subnet). Since they are on the same hub as the "E1" interface which is connected to the public internet, you will be putting illegal IP addresses on the public internet and possibly generating conflicts. 2) The whole idea of a firewall is to protect your "private" subnet from the public internet. In this case, if anyone figures out that your machines resides on the E3 subnet as, say 192.168.1.## all they have to do is direct an attack directly at a machine - thereby passing your firewall right by. My recommendation would be to get another hub to use for the E3 subnet. Heck hubs are cheap! Hope this helps, Chris Slater --- Prakash Joshi <prakash.joshi@parijat.info.com.np> wrote: > Hi, > > I am trying to set up a firewall with three ethernet interfaces E1, > E2 and > E3. E1 is the lan network with public IP addresses and connected to a > hub > H1. E2 is the DMZ(server network) connected to another hub H2. E3 is > again > the lan network but with private IP addresses( I intent to masquerade > this > n/w) but connected to the hub H1 as with E1. > > It seems to work with two different interfaces connected to the same > hub > but I don't know if this has any bad effects, either performance or > security wise. > > Please suggest. > > Thanks in advance, > > Prakash. > > - > : send the line "unsubscribe > linux-admin" in > the body of a message to majordomo@vger.kernel.org > > > __________________________________________________ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
