Subject: (no subject)
From: Christopher Francy (francyciCNW.COM)
Date: Wed Oct 04 2000 - 11:35:09 CDT


You don't need the extra address space. You don't need to use bridging as
another person suggests.

OK, here's what I do.

Border router (you called it the T1 router)

Serial address=123.42.47.90/whatever
Ethernet address=192.168.0.1/24
default route towards the ISP
net route for 206.48.288.1/24 points to 192.168.0.2

Firewall router (Linux)
Ether 0 addr = 192.168.0.2/24
Ether 1 addr = 206.48.288.1/24
default route to 192.168.0.1

So what you do is use private IP on that 2-host segment. This works
because the only computer that ever needs to get to the border router
192.168.0.1 is the firewall, and the opposite is also true.
You don't have to set up any masquerading at all because the only
communication is between the firewall and the router.

Plus you have a slight added bonus with this scenario in that no one can
get to the outside address of your firewall unless they break your border
router.

I am using this in 2 firewall situations, one with 8 class C's behind the
firewall and one net with 2 class C's behind it.

The only problem that I have ever seen in this situation is that my
traceroute times out on that hop, which is understandable.

Of course you could also get a T1 card for your Linux box, or a serial card
and an external CSU/DSU. But it sounds like you already have the router.

Chris

From: Dave Akins <dave600PACBELL.NET>
Subject: Subnetting, firewall setup

I am familiar with using Linux as an IP Masq/gateway box to hook a
private network to a public IP space. Now I have a new problem...

I have a class C network that I've been given from my ISP. The T-1
router sits at .1. I would like to set a Linux box up to be the
firewall for everything in this class C. Rather than order a smaller
network to sit between the ISP and the class C, is there a way I can do
this with ONLY the class C? Or am I best off ordering a small 2-host
network to sit between the T-1 router and the Linux box?