Hi to all:
I've been following this list for a long, long time, the high level
of questions/answers are 'hypnotic' ;), but never asked anything before,
until now. Well, I don't wanna waste your time and your mail bytes, here
goes the question:
I've a Linux box ( 2.4 series ) with Checkpoint Firewall NG 1 (
actually I think that with iptables should be sufficient for the type of
policies that I've but ... ), well, this firewall is between an ISP
Frame-Relay router and my internal network. The FR router gives all
internet services ( only from in to out, we don't host any service to
internet ) but with the time, more users had been incorporated to my LAN
and the www traffic has been increased. The firewall suports it without
problems, but this traffic slowdown the www users transfers. We have
decided to incorporate an ADSL router to redirect users inet traffic and
mantain the FR router for internal communications between companies.
The firewal have 3 ethernets, one to my LAN, another to my FR router
and the last, to the ADSL router. Differents LANs.
We have all here up and running ( the routers and configurations )
except the firewall specific configuration. Here is where my problems (
well, my unknowledge ) resides. I have been reading about "ip route"
command and I think that with Linux pure firewalling I could activate a
routing based on dest ip,
saying something like 'all packets from my LAN with destination address
different of another company LAN, launch it trougth ADSL router' and 'all
packets from my LAN with destination address equal to another of my company
LANs, launch it trougth FR router'. But i don't know if Checkpoint uses
linux firewalling tools, is own firewalling tools ( without iptables,
netfilter...) and if I apply the necessary changes to allow ip routing,
this will create conflicts with Checkpoint.
Any sugestions?
Thanks to all
Regards
