Darren,
This is a valid layout, but of course you should not advertise the 192.168.1/24 or
10.60/16 info to the Internet. (Not that it would go very far anyway...) The private
addresses will not be reachable via the Internet without some form of translation, but
you can still transit traffic for public addresses (Internal Network) through the
privately addressed networks. IP traffic is routed per-hop, so each router only needs
to know the address of the next router closer to the destination, not the entire path.*
--tcw
* Actually, source-routed traffic is not always forwarded to the nearest neighbor, but
you should be blocking it anyway.
Date: Tue, 09 Mar 1999 08:28:33 -0800
From: Darren Ehmke <[EMAIL PROTECTED]>
Subject: Is this a valid layout
Hi,
We are setting up a firewall and have run into a couple of difficulties with routing and
ipfwadm. Something that I recently thought of was, we use 2 private networks to accomplish
the task. Can 2 private networks be crossed to attain the Internet? The layout is below.
Thanks in advance.
Internet
\|/
|
Cisco Router (ISP)
| 999.170.224.104 mask: 255.255.255.252
|
|
| 999.170.224.105 mask: 255.255.255.252
Cisco Router (ours)
| 888.64.128.33 mask: 255.255.255.224
|
|
| 888.64.128.40 mask: 255.255.255.224
First Linux Box
| 192.168.1.40 mask: 255.255.255.0
|
|
| 192.168.1.41 mask: 255.255.255.0
Second Linux Box
| 10.60.1.41 mask: 255.255.0.0
|
|
|
/|\ 10.X.X.X mask: 255.255.0.0
Our Internal Network
Darren [EMAIL PROTECTED]
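
The reply's two points, per-hop forwarding across the private links and keeping the 192.168.1/24 and 10.60/16 prefixes out of what is advertised upstream, shown as an added example (not code from either poster). The router names, the routing tables and the 198.51.100.0/24 documentation prefix standing in for a public internal network are assumptions, since the thread's 999.x and 888.x addresses are placeholders.

```python
import ipaddress

# RFC 1918 private ranges; prefixes inside these must not be advertised upstream.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def advertisable(prefixes):
    """Return only the prefixes that fall outside RFC 1918 space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in nets if not any(n.subnet_of(r) for r in RFC1918)]

# Constructed tables (assumption): each router maps a destination prefix to
# its next hop only. 198.51.100.0/24 stands in for a public internal network.
TABLES = {
    "isp-router": {"198.51.100.0/24": "our-router"},
    "our-router": {"198.51.100.0/24": "linux-1", "0.0.0.0/0": "isp-router"},
    "linux-1": {"198.51.100.0/24": "linux-2", "192.168.1.0/24": "deliver",
                "0.0.0.0/0": "our-router"},
    "linux-2": {"198.51.100.0/24": "deliver", "10.60.0.0/16": "deliver",
                "0.0.0.0/0": "linux-1"},
}

def next_hop(router, dst):
    """Longest-prefix match in one router's table; None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop)
               for p, hop in TABLES[router].items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(start, dst, max_hops=16):
    """Follow per-hop decisions from start until delivery, drop or hop limit."""
    path, router = [start], start
    for _ in range(max_hops):
        hop = next_hop(router, dst)
        if hop is None:
            return path + ["no-route"]
        if hop == "deliver":
            return path + ["delivered"]
        path.append(hop)
        router = hop
    return path + ["ttl-exceeded"]

if __name__ == "__main__":
    print(trace("isp-router", "198.51.100.7"))
    print(trace("isp-router", "10.60.1.41"))
    print(advertisable(["198.51.100.0/24", "192.168.1.0/24", "10.60.0.0/16"]))
```

The upstream router holds no route for the private prefixes, so a packet addressed to 10.60.1.41 stops there, while the public destination is carried across both private links one hop at a time.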