Try to use vlsm, both eigrp and rip 2 support it. Usually the hosts on
dmz are quite a few, you can also use nat to make the routing easy. OSPF
would not be best in this case, although it can be done.
Nat and filtering would suck very large mount of cpu power if you have
fair large # of private addresses and filtering rules.
Why don't you consider firewall as a option?
_ming
On Sat, 13 Mar 1999, Chris Brenton wrote:
> Jon Wright wrote:
> >
> > We presently have a class C network with no subnetting that is
> > connected directly to the Internet via a router. Our "firewall"
> > is packet filtering implemented by the router. We have about 50
> > systems on the network.
> >
> > We are making a quantum leap forward and setting up a DMZ. We've
> > purchased a second router and intend to implement packet filtering
> > on it, too.
>
> May I suggest Cisco IOS 11.3 or higher? At least then the filtering will
> be dynamic.
>
> > My question for the list regards addressing and subnetting. Do we
> > need any special addressing scheme to make this work? Do we need
> > to subnet our class C network? Any general tips for implementing
> > this scheme?
>
> Well you will need to assign IP addresses between the two routers if you
> plan on locating systems there. This means you have two choices:
> 1) Get additional address space from your ISP
> 2) Subnet the address space you have
>
> If you apply a 255.255.255.128 subnet mask to the front of your address
> space, you get 126 useable addresses. This leaves half your address
> space free to do with as you please. You could use the whole thing on
> your DMZ or split the address space even further. For example if you use
> a 255.255.255.192 subnet mask on the last half of your address space,
> you create two subnets capable of supporting 62 hosts. If you do not
> need this many addresses on your DMZ, you can tweak the masks as
> required.
>
> Cheers,
> Chris
> --
> **************************************
> [EMAIL PROTECTED]
>
> * Multiprotocol Network Design & Troubleshooting
> http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
> * Mastering Network Security
> http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
============================================================================
Ming Lu Email: [EMAIL PROTECTED]
Sr. Network Engineer Phone: 703-689-5290 (w)
IP Engineering 703-855-4194 (m)
Global One Telecommunications, LLT. 703-689-6575 (f)
============================================================================
"Do not pay attention to every word people say, or you may hear your
servant cursing you ---- for you know in your heart that many times you
yourself have cursed others."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
