Re: Adding a second internet connection + firewall

From: Otavio Exel (oexel_at_economatica.com.br)
Date: 02/27/04

Next message: Joachim Mæland: "Re: Pls help: Linksys WPC11 V3 Setup"
Previous message: Steve Schefter: "Re: Question on pcmcia network setup"
In reply to: joseph philip: "Re: Adding a second internet connection + firewall"
Next in thread: joseph philip: "Re: Adding a second internet connection + firewall"
Reply: joseph philip: "Re: Adding a second internet connection + firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: 27 Feb 2004 20:59:26 GMT

> On Thu, 26 Feb 2004 19:33:03 +0000, Otavio Exel wrote:
> >
> > if a connection is made from the internet to 200.162.30.10:80, can I be
> > sure that the outgoing packets of this connection will be sent thru the
> > second firewall (10.0.0.2) ?

joseph philip <joseph@nntp.will.suffice> wrote:

hi Joseph,

> No, it won't.

rats! :-((

> What you can do is SNAT incoming connections on the second firewall so
> that it looks like 10.0.0.2 is connecting to the web server. Responses
> go back to 10.0.0.2, and then onwards to the source. Rather like a
> nat-ed lan, in reverse...

the said webserver has built in statistics and access control based on
client IP :-(( I certainly can simulate all this in the firewall
(10.0.0.2) but it will definitely be a PITA!

<QUESTION TYPE="probably stupid">
I've read about an IP option called "source routing". could this be used
to direct the outgoing packages back to 10.0.0.2 ?
Please just answer "yes" or "no"; in case it is "yes" I'll RTF to find
out what exactly "source routing" is.
</QUESTION>

many many thanks!

-- 
Otavio Exel /<\oo/>\ oexel@economatica.com.br

Next message: Joachim Mæland: "Re: Pls help: Linksys WPC11 V3 Setup"
Previous message: Steve Schefter: "Re: Question on pcmcia network setup"
In reply to: joseph philip: "Re: Adding a second internet connection + firewall"
Next in thread: joseph philip: "Re: Adding a second internet connection + firewall"
Reply: joseph philip: "Re: Adding a second internet connection + firewall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages

RE: Bandwidth hit in natd/ipfw on 4.4-RELEASE
... This switch is for alteration of outgoing packets based on RFC 1918. ... between your FBSD box and the Internet, that you examine them, as I have ... I don't think a single day's gone by without a connection ... To unsubscribe, ...
(freebsd-questions)
Outgoing DNAT, incoming SNAT?
... I know it's possible to perform SNAT on outgoing packets and DNAT on ... I have a client program which doesn't allow me to alter the IP/ports to ... connect out to Google's web server, I would be connected to Altavista ... Right now my connection to the internet is through the LAN, ...
(microsoft.public.windowsxp.network_web)
Re: How to determine that any application is attempting to use internet?
... You need sniffer where you check outgoing packets to check data, ... Arkady ... > internet connection is on). ...
(microsoft.public.win32.programmer.kernel)