Subject: Re: 2 Firewalls
From: Fredo La Malice (techniquefred voila.fr)
Date: Thu Nov 09 2000 - 02:27:27 CST
- Maybe in reply to: Tony Sun (KTHK): "2 Firewalls"
I'm working on a PIX firewall and I just want to talk about the "conduit"
notion.
A conduit opens a way between 2 subnets separated by a firewall. After
you have created the conduit, you can create rules regarding this
conduit.
Maybe there is no conduit (I don't know the name used by Guardian Pro for
this notion) between LAN1 and LAN2. And so that's the reason you can't
have information from LAN2 to LAN1, even if you allowed everything on
the firewall.
>Hi,
>I have a dual homed firewall running Guardian Pro. The following is the
>configuration:
>
>LAN2 ==>Firewall2==>
> >Firewall1======>Router==>internet
> LAN1====>
>
>
>Firewall 1:
>-------------------------
>External nic (VLAN):
>ip: 10.0.0.1
>mask: 255.255.255.0
>gw: 10.0.0.2
>Internal nic: (connecting to 192.168.10.x)
>ip: 192.168.10.254
>
>LAN1:
>--------
>192.168.10.x
>GW 192.168.10.254
>
>Firewall 2:
>-------------------------
>External nic (VLAN):
>ip: 10.0.0.1
>mask: 255.255.255.0
>gw: 10.0.0.2
>Internal nic: (connecting to 192.168.10.x)
>ip: 192.168.10.254
>
>LAN2:
>-------------------------
>Workstations:
>ip: 192.168.10.x
>gw 192.168.10.254
>
>
>What I want to do is make the LAN2 workstations able to connect (Ping) to
>LAN1 workstations and vice versa.
>I have set the firewall2 to "allow pass all" in the rule.
>
>The LAN2 workstations can pass through the firewall and access internet, but
>nobody (LAN1 and Internet) can get into (Ping) the LAN2 workstations. Why?
>
>What is the functionality of VLAN?
>
>What will be the IP of the Firewall2 as seen from LAN1?
>
>I am still a beginner in the firewall technology and comment is appreciated!
>Thanks
>Tony
>
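
The conduit idea from the reply above, as an added example that is not part of the original thread and is not PIX or Guardian Pro code: a simplified Python model of a firewall that passes traffic started from the inside, drops unsolicited inbound traffic, and opens an inbound path only where a conduit exists. The `Firewall` and `Conduit` classes, the LAN2 range 192.168.20.0/24 and the internet host 203.0.113.9 are constructed for the illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Conduit:
    """Inbound exception (hypothetical model): proto allowed from src net to dst net."""
    proto: str
    src: str   # outside network allowed to initiate
    dst: str   # inside network being exposed

@dataclass
class Firewall:
    inside: str                                   # protected network (CIDR)
    conduits: list = field(default_factory=list)
    state: set = field(default_factory=set)       # flows opened from the inside

    def _is_inside(self, ip):
        return ip_address(ip) in ip_network(self.inside)

    def handle(self, proto, src, dst):
        """Return 'pass' or 'drop' for one packet crossing the firewall."""
        if self._is_inside(src):
            # Outbound: allowed by default, remembered so replies can return.
            self.state.add((proto, src, dst))
            return "pass"
        if (proto, dst, src) in self.state:
            return "pass"                         # reply to a flow started inside
        for c in self.conduits:
            if (c.proto == proto and ip_address(src) in ip_network(c.src)
                    and ip_address(dst) in ip_network(c.dst)):
                return "pass"                     # explicitly opened inbound path
        return "drop"                             # unsolicited inbound, no conduit

def demo():
    """Replay the symptom from the question, then add a conduit for LAN1 pings."""
    fw2 = Firewall(inside="192.168.20.0/24")      # constructed LAN2 range
    out = [fw2.handle("tcp", "192.168.20.5", "203.0.113.9"),    # LAN2 -> internet
           fw2.handle("tcp", "203.0.113.9", "192.168.20.5"),    # reply comes back
           fw2.handle("icmp", "192.168.10.7", "192.168.20.5")]  # LAN1 pings LAN2
    fw2.conduits.append(Conduit("icmp", "192.168.10.0/24", "192.168.20.0/24"))
    out.append(fw2.handle("icmp", "192.168.10.7", "192.168.20.5"))
    return out

if __name__ == "__main__":
    print(demo())
```

The conduit is scoped to LAN1 as the source, so a ping from any other outside address is still dropped.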