[TCLUG] Firewall/Router Setup

[Nathan Davis]

Hi,

We have a Cisco 675 DSL router connecting the local network to the
Internet.  I'd like to put a firewall between the LAN and the Internet.
We have a block of 8 address (6 after account for broadcast and network
address), and don't want to use any more than necessary.

The Cisco is operating in ppp mode (bridging mode *might* work, but we
don't have a management cable to get it back out if it doesn't), so that
burns one address.  The firewall would require two more addesses, which
would leave only three for the rest of the network.  Obviously, I'm
looking for a way to free up some of these addresses.  NAT is not an
option for some machines.

After thinking about this for awhile, I was wonding if I really need to
use two *real* ip addresses on the firewall machine.  Or even if there's
a way to set up a default route to an interface with no ip address
assigned.  Another option might be to have the cisco (and possibly the
firewall too) obtain an ip address via dhcp (I don't know how the other
end might take this, though), or assign the interface connecting the
firewall to the Cisco a "fake" address.

Anyone have any suggestions -- what's worth trying, what won't work, new
ideas, etc.?

--Nathan Davis