CC-ed back to debian-user. On Fri, 10 Jul 1998 [EMAIL PROTECTED] wrote:
i know this is urgent for you, sorry to take so long to reply...have been busy. btw, you would have been better off cc-ing your question to debian-user. i'd still get a copy and you might have got a quicker answer from someone else....I'm not the only person who can help you, there are lots of knowledgeable and helpful people on the mailing list....also, many people read debian-user to learn from watching the questions and answers, so it's better to have answers posted there. > We share the cisco router and the c-net with an other company. I can't > put all of the 192.12.120.0/24 net inside the fw (but I can subnet the > c-net). > > I want somthing like this: > > inet <--> cisco (192.12.120.254???) > | > hub----other company (192.12.120.0/25) > | > |eth0 > fw > |eth1 > | > our network (192.12.120.128/25) > > Is this possible without changing anything in the cisco? What netmasks > should I use on the fw? Please help, I'm getting more and more confused > the more I read about this. yes, this is possible, but you will have to make a few small changes to the cisco. you'll have to change the netmask on it's ethernet interface to a /25, and you'll have to route the second /25 via the firewall's eth0 interface. also, you'd be better off assigning 192.12.120.128/25 to the other company, and 192.12.120.0/25 to your company. this is because the cisco is .254, thus is in the .128/25 subnet. i'd suggest: external (unfirewalled) net: network: 192.12.120.128 netmask: 255.255.255.128 broadcast: 192.12.120.255 cisco: 192.12.120.254 firewall eth0: 192.12.120.253 other hosts: 192.12.120.129 - 192.12.120.252 internal (firewalled) net: network: 192.12.120.0 netmask: 255.255.255.128 broadcast: 192.12.120.127 firewall eth1: 192.12.120.1 other hosts: 192.12.120.2 - 192.12.120.126 i note that you ask "What netmasks should I use on the fw?". That's not exactly the right question....the netmask you use must be used on all hosts on the network. this will mean reconfiguring every host, router, ethernet printer, and hub (if your hubs have ip addresses for snmp monitoring). if you don't change the netmask on all the hosts/devices then they will have no way of knowing that the net is subnetted. they will expect to find the full 192.12.120.0/24 on the local ethernet, so they won't route packets to hosts in the other subnet via the cisco, they'll just try to send it directly - which won't work. btw, here's a useful reference for you: http://ipprimer.2ndlevel.net/ it's a good summary/intro to IP networks. and another: http://www.internetnorth.com.au/keith/networking/subnet1.html a set of tables which can be very useful for subnetting. you can find more by going to altavista or somewhere and searching for "CIDR and subnet". craig -- craig sanders -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null