Darren, 

This is a valid layout, but of course you should not advertise the 192.168.1/24 or 
10.60/16 info to the internet. (Not that it would go very far anyway...) The private 
addresses will not be reachable via the Internet without some form of translation, but 
you can still transit traffic for public addresses (Internal Network) through the 
privately addressed networks. IP traffic is routed per-hop, so each router only needs 
to know the address of the next router closer to the destination, not the entire path.*

--tcw

* Actually, source routed traffic is not always forwarded to the nearest neighbor, but 
you should be blocking it anyway.

Date: Tue, 09 Mar 1999 08:28:33 -0800
From: Darren Ehmke <[EMAIL PROTECTED]>
Subject: Is this a valid layout

Hi,

    We are setting up a firewall and have run into a couple of difficulties with
routing and ipfwadm.  Something that I recently thought of was, we use 2 private
networks to accomplish the task.  Can 2 private networks be crossed to attain the
Internet?  The layout is below.
Thanks in advance.

                  Internet
                    \|/
                     |
              Cisco Router (ISP)
                     | 999.170.224.104  mask: 255.255.255.252
                     |
                     |
                     | 999.170.224.105  mask: 255.255.255.252
              Cisco Router (ours)
                     | 888.64.128.33    mask: 255.255.255.224
                     |
                     |
                     | 888.64.128.40    mask: 255.255.255.224
               First Linux Box
                     | 192.168.1.40     mask: 255.255.255.0
                     |
                     |
                     | 192.168.1.41     mask: 255.255.255.0
               Second Linux Box
                     | 10.60.1.41       mask: 255.255.0.0
                     |
                     |
                     |
                    /|\ 10.X.X.X        mask: 255.255.0.0
            Our Internal Network


Darren     [EMAIL PROTECTED] 
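
The per-hop forwarding described in the reply at the top of this thread, as an added example that is not part of either message: each router does a longest-prefix match in its own table only, and private (RFC 1918) prefixes are kept out of anything announced upstream. The router names, the table contents, and the documentation-range stand-ins for the page's 888.x / 999.x networks are assumptions.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Assumed per-router tables for the layout in the thread. The 888.x / 999.x
# addresses on the page are not valid IPv4, so the public networks use
# documentation ranges as constructed stand-ins.
TABLES = {
    "linux2": [("10.60.0.0/16", "deliver"), ("192.168.1.0/24", "deliver"),
               ("0.0.0.0/0", "linux1")],
    "linux1": [("192.168.1.0/24", "deliver"), ("203.0.113.32/27", "deliver"),
               ("10.60.0.0/16", "linux2"), ("0.0.0.0/0", "cisco")],
    "cisco":  [("203.0.113.32/27", "deliver"), ("198.51.100.104/30", "deliver"),
               ("0.0.0.0/0", "isp")],
}

def next_hop(router, dst):
    """Longest-prefix match in ONE router's table: all a router ever decides."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in TABLES[router]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(start, dst, max_hops=8):
    """Follow a packet hop by hop until it is delivered or leaves our routers."""
    path = [start]
    while path[-1] in TABLES and len(path) <= max_hops:
        hop = next_hop(path[-1], dst)
        if hop in (None, "deliver"):
            break
        path.append(hop)
    return path

def advertisable(router):
    """Connected prefixes outside RFC 1918 space; private ones stay internal."""
    nets = [ipaddress.ip_network(p) for p, hop in TABLES[router] if hop == "deliver"]
    return [str(n) for n in nets if not any(n.subnet_of(r) for r in RFC1918)]

if __name__ == "__main__":
    print(trace("linux2", "192.0.2.80"))   # outbound, crossing 192.168.1.0/24
    print(trace("linux1", "10.60.7.7"))    # inbound leg toward the internal net
    print(trace("cisco", "10.60.7.7"))     # border router has no private route
    print(advertisable("linux1"))
```

In the third trace the border router sends a packet for 10.60.7.7 out its default route, which is the reply's point that the private addresses are not reachable from the Internet side without translation.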
