Mailing Lists: Apple Mailing Lists


Re: I'm going to try to establish a firewall too...need advice



So that is .139 for one NIC going to the Asante for internal communications like AFP, NFS and others. From the Asante all the hosts will go to your 8-port 10BaseT hub and then to NIC 01 with address .149 for filtering purposes. The surviving packets are sent to the built-in NIC with address .148 and from there to your Cisco. Did I spell it out right?

If so, there are a couple of things I don't get straight. Why use the hub in the first place? It is a serious bottleneck for your network, not only because of being a hub but also because it is 10Mbits only. If you specify the .149 address as system gateway for all your hosts then they should be able to make it to the firewall through the Asante switch without the need of the hub. If you then specify the .148 address as gateway for your firewall, it will forward the surviving packets to that address. Up to here everything seems to be just fine with your setup, everything should work. I don't see why internal communication should fail and why the firewall should fail to receive the outgoing packets (with the consideration of the hub I just made). The second problem arises when outgoing traffic arrives at the built-in NIC. What will they do from there on, how do they know they have to travel from there to the Cisco? The only instruction they have is to go to .148 for further routing, but will the NIC have the ability to realize it has to forward the packets to the Cisco? I don't think so, I don't see that last one working. To me it seems that the packets will just die at .148. You could specify the Cisco's address to your firewall as gateway, but the packets would never reach it because the built-in NIC is the only thing connected to it so its address will not be visible on the network.

What do you guys think? I think traffic won't make it from there onwards. Or maybe, just maybe, if you set your built-in NIC in promiscuous mode it could receive the packets that are destined for the Cisco's address and forward them appropriately....

That's what I make of it, just my two cents. Regards,...


Juan.


On Thursday, June 27, 2002, at 08:49 PM, William Levins wrote:

Here's what I plan...

Currently, our Cisco router plugs into our Asante 10/100 24 port switch. My
OSX server is xxx.xxx.xxx.139 the router .129.

I also have web servers at .140, .150, .155

My OSX S box came with the extra 4port ethernet card so I technically have 5
NICs...woo hoo for me.

Anyway, I plan to take the cable exiting my router and plug it into my OSX S
box's built-in NIC and assign the IP address .148, then I'll take a cable
from NIC 01, assigned .149 (on the 4 port card) and run it to a little 8
port 10BT hub. I'm running BrickHouse and it allows for gateway control on
something and will allow me to select this...so I assume anything approved
by the ipFirewall rules will just pass through...hence I'll then be able to
from the little 8 port hub, use the uplink port to connect to my 24 port
switch. And finally I'll use another open NIC port on the OSX S box to run
my server off the network on IP address .139 as it always has.

My question, if anyone was able to follow my explanation above, will it work
or do I need to do something else?
_______________________________________________
macos-x-server mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/macos-x-server
Do not post admin requests to the list. They will be ignored.
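
Added example, not part of either poster's message: a small Python model of the forwarding decision the reply asks about, showing what a multi-homed host does with a transit packet depending on whether IP forwarding is on and how its interfaces are addressed. The 192.0.2.128/27 and 198.51.100.0/24 prefixes, the interface names, and the `decide` function are assumptions made for illustration, since the thread elides the real prefix.

```python
import ipaddress as ip

# Constructed addressing (assumption): documentation prefix 192.0.2.128/27
# stands in for the elided xxx.xxx.xxx network; it covers .129 through .155.
ROUTER = ip.ip_address("192.0.2.129")            # the Cisco
PLANNED = {                                       # layout from the thread
    "builtin": ip.ip_interface("192.0.2.148/27"),
    "nic01": ip.ip_interface("192.0.2.149/27"),
    "nic02": ip.ip_interface("192.0.2.139/27"),
}
SPLIT = {                                         # hypothetical: one subnet per side
    "builtin": ip.ip_interface("192.0.2.148/27"),
    "nic01": ip.ip_interface("198.51.100.1/24"),
}

def decide(dst, ifaces, default_gw, forwarding):
    """Model what an IP host does with a received packet addressed to dst.

    Returns (action, next_hop, candidate_out_interfaces).
    """
    dst = ip.ip_address(dst)
    if any(dst == i.ip for i in ifaces.values()):
        return ("deliver-local", None, [])
    if not forwarding:
        # The kernel, not the NIC, decides: with forwarding off (the
        # net.inet.ip.forwarding sysctl on Mac OS X / BSD) transit is dropped.
        return ("drop", None, [])
    # Use a connected route if dst is on an attached network, else the gateway.
    on_link = any(dst in i.network for i in ifaces.values())
    hop = dst if on_link else default_gw
    out = sorted(n for n, i in ifaces.items() if hop in i.network)
    if not out:
        return ("unreachable", hop, [])
    # Several interfaces on the same subnet all claim the next hop; the model
    # flags this instead of guessing which one the kernel would pick.
    return ("forward" if len(out) == 1 else "forward-ambiguous", hop, out)

if __name__ == "__main__":
    for name, layout in (("planned", PLANNED), ("split", SPLIT)):
        for fwd in (False, True):
            print(name, fwd, decide("203.0.113.10", layout, ROUTER, fwd))
```
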

References: 
 >I'm going to try to establish a firewall too...need advice (From: William Levins <email@hidden>)




Copyright © 2007 Apple Inc. All rights reserved.