Sounds like you're doing the classic beginner's problem of having the same network numbers on the inside and outside of the firewall. Is your ISP having you use private number's (they begin with 192, 172, 10...). If they are, you must use a somewhat different numbering scheme on the inside; otherwise the firewall (and that's any firewall) won't know where the packets 'belong' if both NICs have the same network numbers.
Once you use a different network number for your internal network, you then must enable the masquerading function so that when the internally numbered packets appear on the ISP's external network, they are translated to be tolerated by your ISP's routing equipment. Go to the Masquerading page's online help and it has an example.
If you're still stumped, give us a little more info: the network, DNS, and gateway your ISP wants you to use, whether they support DHCP, etc. When you publish numbers here, anonymize a couple of them so that people can't find you out...
Sounds like you're doing the classic beginner's problem of having the same network numbers on the inside and outside of the firewall. Is your ISP having you use private number's (they begin with 192, 172, 10...). If they are, you must use a somewhat different numbering scheme on the inside; otherwise the firewall (and that's any firewall) won't know where the packets 'belong' if both NICs have the same network numbers.
Once you use a different network number for your internal network, you then must enable the masquerading function so that when the internally numbered packets appear on the ISP's external network, they are translated to be tolerated by your ISP's routing equipment. Go to the Masquerading page's online help and it has an example.
If you're still stumped, give us a little more info: the network, DNS, and gateway your ISP wants you to use, whether they support DHCP, etc. When you publish numbers here, anonymize a couple of them so that people can't find you out...
you're right with the IP-Adresses. Especially with Astaro, a Routing Firewall. But not any firewall, there are some firewalls which could use a bridging mode.
I was thinking after I posted that whether I should bother to change my post to mention that exception; but the performance on them is lousy, so I don't take them into serious consideration.
I can't share your opinion, espacially performance. I know a Firewall where you could decide if you want the routing or bridging mode and it is rather fast. I mean the NetAsq Firewall from France. But it's a another kind of Firewall than Astaro. It is much more complex and not so cheap.
So I use the Astaro and like it in some conditions. In others I use the NetAsq.
OK. Here is the Astaro World and it is a still a good Firewall.
I cannot share your opinion on bridging firewalls. The Netscreen range is known to be among the fastest if not the fastest firewalls and they work perfectly in transparent mode aka bridging mode.
