Hi,
I have an embedded system running uClinux with just one Ethernet device
and wonder whether or not I can build a firewall in combination with a
switch (VLAN support, not WLAN).
How I thought it could work is the following:
Configure the eth0 device with an IP and network mask.
Configure the eth0:0 alias device with an IP and network mask different
from eth0.
Use a switch with VLAN support.
Connect the eth0 linux device to port B of the switch; switch port A
will then be one side of the firewall and port C the other side.
Configure the switch (VLAN) in a manner so all the incoming traffic on
switch port A will be routed to port B and all the incoming traffic on
port B will be routed to port C and back to port A.
Finally everything that enters port C will be routed to port B.
The question about all this is: Will the traffic be filtered between
eth0 and eth0:0 as if there were two physical devices eth0 and eth1?
Thanks for any remarks on that.
roman
PS: I know this is an unusual way to build a firewall, but I simply
cannot change the hardware. For everyone who thinks it is insecure
because of non-existent physical separation: please forgive me.