Re: Firewall questions

Rodney W. Grimes (freebsdgndrsh.dnsmgr.net)
Thu, 4 Nov 1999 10:19:34 -0800 (PST)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Sandipan Panigrahi: "sendmail connections staying open."
• Previous message: Carroll Kong: "Re: FW: rc.firewall"
• In reply to: Curtis Schofield: "Re: rc.firewall"
• Next in thread: Jim Flowers: "Re: Firewall questions"

> > 4) How do I properly set up routes for a dual-homed firewall where both
> > sides are within the same class C? This is the first time I've ever had to
> > play with routing and gateways.
>
> Subnet them into /25's, or use RFC1918 addresses on the inside.

Variable length subnet them into a /30 between the firewall and the
outside router, use the rest inside. I generally don't put more
than 32 or 64 IP's on one ethernet segment and don't use proxy arp
or number virtuals (see ARIN guidlines on IP space usage).

ifconfig_ed0="inet A.B.C.2 netmask 0xfffffffc"
ifconfig_ed1="inet A.B.C.33 netmask 0xffffffe0"

You can use the rest by routing them off someplace else later. You should also
really do a proper IP space plan...

-- 
Rod Grimes - KD7CAX  CN85sl - (RWG25)               rgrimesgndrsh.dnsmgr.net
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: Sandipan Panigrahi: "sendmail connections staying open."
• Previous message: Carroll Kong: "Re: FW: rc.firewall"
• In reply to: Curtis Schofield: "Re: rc.firewall"
• Next in thread: Jim Flowers: "Re: Firewall questions"

This archive was generated by hypermail 2.0b3 on Thu Nov 04 1999 - 12:19:35 CST