[CentOS] More about firewalling

Ryan Wagoner rswagoner at gmail.com
Tue Oct 6 12:16:42 UTC 2009


If you just want public IPs passed to downstream devices then bridging
two NICs will allow you to accomplish this. Otherwise you will need to
set up NAT port forwards or 1:1 NAT. You assign the external IP and
internal IP when creating the NAT rule.

The device only needs to be fast enough to handle the Mbps you need routed
from your ISP. Having multiple IPs isn't going to affect the speed by
much since the destination IP address is in the packet header. The
firewall is going to check the header and determine if the packet gets
passed through, blocked, or if NAT is going to be performed.

Ryan

On Mon, Oct 5, 2009 at 5:45 PM, ML <mailinglists at mailnewsrss.com> wrote:
> Hi All,
>
> So before when I used PIXes for my employer, our traffic was
> statically routed to one IP and then the firewall decided if allowed/
> denied and passed it on or dropped it.
>
> I have a Comcast business circuit with 13 IPs. The gateway device
> they provide is a 'pass through' device. They sent traffic for all 13
> IPs my way. It just allows traffic through. So if I put in a device
> to firewall (like IPCop or Vyatta or something) in front, say it has 3
> NICs, how do I do that?
>
> If the Firewall has IP A and Traffic for IP B comes in how would IP A
> answer and decide if the traffic to IP B belonged?  Without statically
> routing I am confused on how to accomplish this?
>
> How fast does this device need to be?
>
> Best,
> -Jason
>
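
An added example, not part of the original thread: a dry-run script that prints the commands for the 1:1 NAT option mentioned in the reply, with a default-deny FORWARD policy so each public IP only exposes the ports listed for it. The interface names (eth0, eth1), the documentation-range addresses and the port lists are constructed assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) the commands for 1:1 NAT with a default-deny
# FORWARD policy. Interface names, addresses and ports are constructed assumptions.
WAN_IF=eth0   # faces the ISP gateway (assumed name)
LAN_IF=eth1   # faces the internal hosts (assumed name)

# Constructed mapping: public_ip internal_ip allowed_inbound_tcp_ports
MAPPINGS='203.0.113.2 192.168.10.2 25,443
203.0.113.3 192.168.10.3 22'

# The firewall must own each translated public IP on its outside interface,
# otherwise nothing answers the gateway's ARP request for that address.
emit_addr_cmds() {
    echo "$MAPPINGS" | while read -r pub rest; do
        echo "ip addr add $pub/32 dev $WAN_IF"
    done
}

emit_rules() {
    # Drop anything routed through the box unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        # Inbound: rewrite the public destination to the internal host.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: the internal host always leaves with its own public IP.
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        # FORWARD sees the packet after DNAT, so match the internal address.
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
}

emit_addr_cmds
emit_rules
```

Review the printed commands before running them as root; the INPUT chain protecting the firewall host itself is outside what this example covers.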


