On Fri, 12 Apr 2002 12:34:58 +0200 "Stephan Balmer" <[EMAIL PROTECTED]> wrote: > ... > > > Another way would be to turn the firewall into a router and use > > > private IPs for the network between Firewall and router. So > interface > > > 1 of the firewall gets 10.0.0.1 and the routers interface > > > 10.0.0.2. This is not prefered since I don't like messing with > > > that router. > > > > That's the setup I use, and it works like a charm (with proper > iptables > > configuration). But perhaps you don't have to resort to private > > addresses, don't you have a couple left from the class C pool? > Hm, I sure have two free addresses, but then I would have to subnet > our Class C net, which is not what I want... > Or did I misunderstand? I thought to get the router-firewall and the > router to route my packets, the connection between them has to be in > another subnet than mine. Because for a router there's nothing to > route if his interfaces are connected to the same IP-subnet.
Sorry, my bad. I have a private internal network 192.168.0.x/24 and another private network 192.168.4.x/24 between the firewall and the router. So it seems your 2nd option would be the way I'd go. But my job was eased by the fact that I only had to tell my router to change it's interface 0 IP address, it handled its internal configuration automatically. I didn't touch anything else on the router. Perhaps you have no such luck? -- Carlos Sousa PS. no need to reply to me, I'm subscribed. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
