[EMAIL PROTECTED],
Out of curiosity, why wouldn't you want to use private addresses? If
the issue is that you want to have a Web server at a.b.c.4, a mail
server at a.b.c.5, an ftp server at a.b.c.6, etc., then you can achieve
this with NAT on the firewall.
I think the confusion might be that you're thinking that the firewall
can only do one sort of NAT, which is masquerading (where all private
addresses translate to a single registered IP address). You can also do
static NAT where
10.0.0.192 translates to a.b.c.4
10.0.0.231 translates to a.b.c.5
so on and so forth.
Some firewall products enable this (e.g., Checkpoint FW-1). Some do not
(e.g., WatchGuard Firebox). Just make sure you get a firewall with the
feature set you're interested in.
Jen
Ben Nagy wrote:
>
> Couldn't you just tell the firewall specifically which IP addresses are in
> the trusted network and which weren't? Failing that can you variably subnet
> your class C so the firewall thinks of them as different networks?
> That's assuming that you really need to avoid using NAT, which is generally
> contraindicated....
>
> --
> Ben Nagy
> Network Consultant, CPM&S Group of Companies
> Direct Dial: (08) 8422 8319 Mobile: (0414) 411 520
> -----Original Message-----
> From: Paul Gracy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 25, 1999 2:43 AM
> To: [EMAIL PROTECTED]
> Subject: RE:
>
> The biggest problem with this design is not the firewall.. it's the routing
> table...
>
> I've never tried, but I think PIX might be able to do this based on
> aliases... but you really need to rethink your design and get your subnets
> separated somehow or you're going to have issues, no matter whose firewall
> you choose.
>
> IMHO.
>
> -----Original Message-----
> From: Ask - [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 21, 1999 5:53 AM
> To: [EMAIL PROTECTED]
> Subject:
>
> Hi,
> Do anyone know what firewall product that can do this
>
> Internet ------- Router -------- Firewall ----- Internal
>
> where
> Router ip is a.b.c.1
> Firewall ip is a.b.c.2
> Internal ip is a class C register IP addresss a.b.c.3 -- a.b.c.254
>
> The normal firewall product is require to have one register IP and
> the internal lan is in private IP address. And all internet services is
> go
> through the proxy Firewall.
> What I am looking for is that the Firewall can able to protected the
> internal Lan with the internal ip is a range of register internet IP
> address instead of the private IP (192.168.x.x.). The Firewall is only
> open
> up those allow services to go out like http, ftp , etc...
>
> The Firewall can be software or hardware solution.
>
> Thanks.
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
