Could you block them on one firewall while enabling them on the other.
Would this force the packets to be routed through the appropriate firewall?
Cheers,
Russ
----------
From: mail06823 @
pop .
net[SMTP:mail06823 @
pop .
net]
Sent: October 25, 1995 12:53 AM
To: firewalls @
GreatCircle .
COM
Subject: Routing through Multiple Firewalls HELP
I have a situation where I need to have two separate TCP/IP enabled PC's,
on the
same LAN segment, go out to the Internet via two separate routes /
Firewalls.
The issue is the following. We are a highly meshed networking
environment, and
the routing can be complex. OSPF is the routing protocol.
I have a couple of thoughts....one would be coming up with the routing
answer....but I'm not sure of the subtleties. I can't use the
/etc/defaultrouter method since I have hops to make to get to the Internet
firewall. One thought is to change my IP addresses for the segments where
the
firewalls are and route traffic accordingly to these unique addresses.
Another thought I had was pointing each of these devices to different DNSs.
Each DNS would be a forwarder to the DNS on the outside of the firewall,
which
of course would resolve all the way up to the root servers.
But I don't think this would resolve my routing issue regardless. These
users
need regular internal net services...but also need to be able to HTTP, FTP,
etc.
out to the big bad Internet seamlessly. For undescribable reasons, they
MUST
go through the separate, non co-located INET routers / firewalls.
Any suggestions would be appreciated.
|
|
