Jon Wright wrote:
> 
> We presently have a class C network with no subnetting that is
> connected directly to the Internet via a router. Our "firewall"
> is packet filtering implemented by the router. We have about 50
> systems on the network.
> 
> We are making a quantum leap forward and setting up a DMZ. We've
> purchased a second router and intend to implement packet filtering
> on it, too.

May I suggest Cisco IOS 11.3 or higher? At least then the filtering will
be dynamic.

> My question for the list regards addressing and subnetting. Do we
> need any special addressing scheme to make this work? Do we need
> to subnet our class C network? Any general tips for implementing
> this scheme?

Well, you will need to assign IP addresses between the two routers if you
plan on locating systems there. This means you have two choices:
1) Get additional address space from your ISP
2) Subnet the address space you have

If you apply a 255.255.255.128 subnet mask to the front of your address
space, you get 126 usable addresses. This leaves half your address
space free to do with as you please. You could use the whole thing on
your DMZ or split the address space even further. For example, if you use
a 255.255.255.192 subnet mask on the last half of your address space,
you create two subnets capable of supporting 62 hosts. If you do not
need this many addresses on your DMZ, you can tweak the masks as
required.

Cheers,
Chris
-- 
**************************************
[EMAIL PROTECTED]

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
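
Added example, not part of the original message: the split described in the reply (255.255.255.128 on the front half, 255.255.255.192 twice on the back half), worked through with Python's ipaddress module so the host ranges and broadcast addresses can be checked before they go into router interfaces and filter rules. The 192.0.2.0/24 block and the segment names "inside", "dmz" and "spare" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: 192.0.2.0/24 (documentation range) stands in for the class C.
BLOCK = "192.0.2.0/24"
# Segment names are assumptions; the masks are the ones from the message.
LAYOUT = [("inside", "255.255.255.128"),
          ("dmz", "255.255.255.192"),
          ("spare", "255.255.255.192")]

def carve(block, layout):
    """Allocate consecutive subnets from block, one per (name, dotted mask)."""
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    plan = []
    for name, mask in layout:
        prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
        size = 1 << (32 - prefix)
        start = ipaddress.ip_address(cursor)
        # A subnet must begin on a multiple of its own size.
        if cursor % size:
            raise ValueError(f"{name}: mask {mask} cannot start at {start}")
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{name}: {net} does not fit inside {block}")
        plan.append((name, net))
        cursor += size
    return plan

def describe(net):
    """Addresses a router or host configuration needs for one subnet."""
    return {"network": str(net.network_address), "mask": str(net.netmask),
            "first_host": str(net.network_address + 1),
            "last_host": str(net.broadcast_address - 1),
            "broadcast": str(net.broadcast_address),
            "usable": net.num_addresses - 2}

def segment_of(plan, addr):
    """Name of the segment where addr is an assignable host, else None."""
    ip = ipaddress.ip_address(addr)
    for name, net in plan:
        if net.network_address < ip < net.broadcast_address:
            return name
    return None

if __name__ == "__main__":
    for name, net in carve(BLOCK, LAYOUT):
        print(name, net, describe(net))
```

Listing the masks largest subnet first keeps every subnet on a valid boundary; carve() raises ValueError if an ordering would not.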