TCLUG Archive
Re: [TCLUG:18127] Firewalled subnet configuration?
- To: tclug-list@mn-linux.org
- Subject: Re: [TCLUG:18127] Firewalled subnet configuration?
- From: Daniel Taylor <dante@plethora.net>
- Date: Wed, 24 May 2000 22:47:24 -0500 (CDT)
- In-Reply-To: <392C4206.4477A826@tc.umn.edu>
There it is: Firewall and Router have 2 interfaces each.
One of Router's interfaces is determined upstream.
You need to assign 2 addresses to Firewall, for routing
purposes they need to be on different subnets (firewall is
also a router...).
So you could use a /30 on the router-firewall link and use the rest
behind firewall.
Daniel Taylor Embedded and custom Linux integration.
dante@plethora.net (612)747-1609
On Wed, 24 May 2000, Troy Johnson wrote:
> Tom,
>
> This is a little confusing because the IP addresses should be attached
> to interfaces, not hosts (though with the usual one interface per host,
> it is easy to make this mistake). So the firewall machine would have
> 200.0.0.5 on eth1, and some other IP Address on eth0, or vice versa.
> Perhaps a private /30 address network could be used for the link between
> the router and the firewall (I don't do this all day, so if that
> shouldn't be done, please let us know).
>
> Also, the subnetting doesn't line up quite right:
>
> Subnet 200.0.0.0/28 = 200.0.0.0/255.255.255.240
> 200.0.0.0 - 200.0.0.15 IP Addresses
> 200.0.0.1 - 200.0.0.14 = 14 Usable IP Addresses
>
> on the other hand
>
> Subnet 200.0.0.4/30 = 200.0.0.4/255.255.255.252
> 200.0.0.4 - 200.0.0.7 IP Addresses
> 200.0.0.5 - 200.0.0.6 = 2 Usable IP Addresses
>
> This could be all wrong, so don't blow up buildings or reroute rivers
> based on what I just said, but I think it is correct.
>
> Good luck,
>
> Troy
>
> "Thomas T. Veldhouse" wrote:
> >
> > I posted a more confusing version of this question earlier and thought I
> > would make a better attempt at it. Hopefully, I have included only relevant
> > data.
> >
> > For the sake of argument let's say that I have the following (made up IPs)
> > and I have to do it this way. How can I configure my interfaces?
> >
> > Subnet: 200.0.0.0/28
> > IP Addresses available: 200.0.0.4 - 200.0.0.7 (public routable internet
> > addresses)
> >
> >          Internet
> >              |
> >              |
> >        -------------
> >        |  Router   |
> >        | 200.0.0.6 |
> >        -------------
> >              |
> >              |eth0
> >              |
> >        -------------
> >        | Firewall  |
> >        | 200.0.0.5 |
> >        -------------
> >              |
> >              |eth1
> >              |
> >        -------------
> >        |           |
> >        |           |
> >   ----------- -----------
> >   |   WS1   | |   WS2   |
> > | 200.0.0.4 | | 200.0.0.7 |
> >   ----------- -----------
> >
> > A possible, but less desirable alternative would be:
> >
> >          Internet
> >              |
> >              |
> >        -------------
> >        |  Router   |
> >        | 200.0.0.6 |
> >        -------------
> >              |
> >              |eth0
> >              |
> >        -------------
> >        | Firewall  |
> >        | 200.0.0.7 |
> >        -------------
> >              |
> >              |eth1
> >              |
> >        -------------
> >        |           |
> >        |           |
> >   ----------- -----------
> >   |   WS1   | |   WS2   |
> > | 200.0.0.4 | | 200.0.0.5 |
> >   ----------- -----------
> >
> > Does anybody know of a simple configuration for this setup? Your help would
> > be greatly appreciated.
> >
> > Tom Veldhouse
> > veldy@veldy.net
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > For additional commands, e-mail: tclug-list-help@mn-linux.org
>
> --
> <a href="http://umn.edu/~john1536">Troy Johnson</a>
>
> A cop stopped me for speeding. He said, 'Why were you going so
> fast?' I said, 'See this thing my foot is on? It's called an
> accelerator. When you push down on it, it sends more gas to the
> engine. The whole car just takes right off. And see this thing?
> This steers it'
> -- Stephen Wright
>
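
The subnet arithmetic discussed in this thread, checked with Python's standard ipaddress module. This is an added example, not part of the original messages. It assumes the whole 200.0.0.0/28 is routed to the site, and the eth1 address 200.0.0.9/29 is constructed for illustration.

```python
import ipaddress

def usable(net):
    """Host addresses of a subnet (network and broadcast excluded)."""
    return [str(h) for h in ipaddress.ip_network(net).hosts()]

def audit(assignments, net):
    """Return {name: problem} for addresses that cannot be hosts in `net`."""
    net = ipaddress.ip_network(net)
    problems = {}
    for name, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems[name] = "outside " + str(net)
        elif ip == net.network_address:
            problems[name] = "network address of " + str(net)
        elif ip == net.broadcast_address:
            problems[name] = "broadcast address of " + str(net)
    return problems

def carve(block, link):
    """Reserve `link` for the router-firewall hop; return the rest of `block`."""
    block, link = ipaddress.ip_network(block), ipaddress.ip_network(link)
    return [str(n) for n in sorted(block.address_exclude(link))]

def routable_pair(eth0, eth1):
    """True when a router's two interfaces sit on non-overlapping subnets."""
    a = ipaddress.ip_interface(eth0).network
    b = ipaddress.ip_interface(eth1).network
    return not a.overlaps(b)

# Addresses from the first diagram in the thread.
FIRST_LAYOUT = {"router": "200.0.0.6", "firewall": "200.0.0.5",
                "WS1": "200.0.0.4", "WS2": "200.0.0.7"}

if __name__ == "__main__":
    print("hosts in 200.0.0.4/30:", usable("200.0.0.4/30"))
    print("problems:", audit(FIRST_LAYOUT, "200.0.0.4/30"))
    # Assumption: the whole /28 is available, with the /30 kept for the link.
    print("left for eth1:", carve("200.0.0.0/28", "200.0.0.4/30"))
    # Constructed eth1 address taken from the remaining 200.0.0.8/29.
    print("firewall OK:", routable_pair("200.0.0.5/30", "200.0.0.9/29"))
```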