Whee! Subnets! I feel like I'm back in my CCNA exam!

> -----Original Message-----
> From: Scott I. Remick [mailto:[EMAIL PROTECTED]]
> Sent: Friday, 9 June 2000 11:25 AM
> To: [EMAIL PROTECTED]
> Subject: Subnetting a Class C for firewall
> 
[snip]
> Currently the network is on a full Class C address space, with a router to
> the internet.  The router provides the current security, but it's very
> limited.  There is no NAT going on and preferably it should remain that way
> (just want to filter traffic).

'k

> 
> My idea is [snipped - all seems sensible]

Yes.

> 
> Ok.  So to firewall, we need to route, and to route, we need to subnet.
[snip]
> I've never had to subnet into a Class C before, so I did my homework and
> it would seem that subnets must all be of equal size.

Nah. You can split it in half, split the other half into halves and then use
the three pieces.

eg - 
192.168.1.0/25
192.168.1.128/26
192.168.1.192/26

Are three separate networks (assuming I've done this right in my head).

[snip]
> Now, if I could subnet for up to 14 hosts on the perimeter network, and
> leave... what, 182? hosts on the internal network... that would be
> ideal.  But I'm out of my league trying to figure out if such a thing is
> possible.  Is it?  How?

Yeah, you can, but you won't like it.

You could dual home the internal NIC in your firewall to be a member of
192.168.1.0/25 and also 192.168.1.128/26. This will effectively give you 190
or so hosts in the internal network. It kind of sucks though - all traffic
from one little internal network to the other will need to get routed
through the firewall, which is ugly as hell.

> 
> Any advice/insight/nudges-in-the-right-direction appreciated.  Thanks a bunch.
> -----------------------
> Scott I. Remick                    [EMAIL PROTECTED]
> Network and Information            (802)388-7545 ext. 236
> Systems Manager                    FAX:(802)388-3697
> Computer Alternatives, Inc.        http://www.computeralt.com
> 

Simple Problems, Ugly Solutions. 

I think I should make that my motto.

Cheers!

--
Ben Nagy
Network Consultant, Volante IT
PGP Key ID: 0x1A86E304  Mobile: +61 414 411 520  
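
Added example (not part of the original message): a Python check of the /25 + /26 + /26 split given in the reply, plus a helper that carves the smallest block for the 14-host perimeter the question asks about and lists what is left of the /24. The function names are illustrative assumptions; 192.168.1.0/24 is the example range used in the reply.

```python
import ipaddress
from itertools import combinations

def usable_hosts(net):
    """Host addresses in a classic subnet (network and broadcast excluded)."""
    return ipaddress.ip_network(net).num_addresses - 2

def check_plan(parent, subnets):
    """True if the subnets sit inside parent, do not overlap, and use all of it."""
    parent = ipaddress.ip_network(parent)
    nets = [ipaddress.ip_network(s) for s in subnets]
    if not all(n.subnet_of(parent) for n in nets):
        return False
    if any(a.overlaps(b) for a, b in combinations(nets, 2)):
        return False
    return sum(n.num_addresses for n in nets) == parent.num_addresses

def carve(parent, hosts_needed):
    """Take the smallest block holding hosts_needed hosts from the start of
    parent; return (block, remaining CIDR blocks sorted by address)."""
    parent = ipaddress.ip_network(parent)
    # +2 addresses for network and broadcast, rounded up to a power of two
    host_bits = (hosts_needed + 1).bit_length()
    block = next(parent.subnets(new_prefix=32 - host_bits))
    return block, sorted(parent.address_exclude(block))

if __name__ == "__main__":
    plan = ["192.168.1.0/25", "192.168.1.128/26", "192.168.1.192/26"]
    print("plan is a valid split:", check_plan("192.168.1.0/24", plan))
    print("hosts in /25 + /26:", usable_hosts(plan[0]) + usable_hosts(plan[1]))

    perimeter, rest = carve("192.168.1.0/24", 14)
    print("perimeter:", perimeter, "usable:", usable_hosts(perimeter))
    for net in rest:
        # each remaining block is its own subnet with its own routed interface
        print("remaining:", net, "usable:", usable_hosts(net))
```

The remainder after a 14-host perimeter is several CIDR blocks rather than one network, so traffic between them still has to be routed.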