For good information on subnetting, go to www.cramsession.com or
www.braindump.com. I used them to study for my certification and they were
great. Also, I used www.dogpile.com and did a search on "TCP/IP,Subnetting"
and came up with some good tutorials as well.
Regards,
Pat Cannon
>From: "Scott I. Remick" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Subnetting a Class C for firewall
>Date: Thu, 08 Jun 2000 21:55:10 -0400
>
>I'm trying to get a plan together to set up a firewall on a network and
>have some issues that I haven't sorted out yet. Perhaps someone can help
>me.
>
>Currently the network is on a full Class C address space, with a router to
>the internet. The router provides the current security, but it's very
>limited. There is no NAT going on and preferably it should remain that way
>(just want to filter traffic).
>
>My idea is to create a screened subnet using a merged interior/exterior
>router in addition to the existing router. The merged router (firewall)
>ends up being a triple-homed host (FreeBSD box), with a NIC to the
>internet, a NIC to the perimeter network, and a NIC to the internal
>network. The internet router only talks to the FreeBSD box, which permits
>some communication with servers on the perimeter network (FTP, WWW, mail,
>etc), and keeps a tighter watch on traffic to and from the internal network
>(even if it's from the perimeter network, in case one of those servers
>becomes compromised).
>
>With me so far?
>
>Ok. So to firewall, we need to route, and to route, we need to
>subnet. Barring any faults in my ideas so far, I'm stumped as to how to
>subnet the current Class C to easily permit this and make best use of the
>address space. So far they've been spoiled with their addressing, but no
>more after this. I've never had to subnet into a Class C before, so I did
>my homework and it would seem that subnets must all be of equal size. This
>is bad, because the perimeter network only needs to support a few hosts,
>while the internal network needs to support a much larger number (I don't
>need a third subnet, figuring I can use a private address space such as
>10.0.0.1 <-> 10.0.0.2 for the segment between the internet router and the
>FreeBSD box, correct?).
>
>Of course, as I'm just diving into subnetting, I'm still a little
>confused. If I were to divide into 2 subnets, would it be 62 or 126 hosts
>per subnet? 62 would be too small, while 126 would be annoying but perhaps
>liveable (not to mention a waste, as the perimeter network doesn't need
>anywhere near that).
>
>Now, if I could subnet for up to 14 hosts on the perimeter network, and
>leave... what, 182? hosts on the internal network... that would be
>ideal. But I'm out of my league trying to figure out if such a thing is
>possible. Is it? How?
>
>Any advice/insight/nudges-in-the-right-direction appreciated. Thanks a
>bunch.
>-----------------------
>Scott I. Remick [EMAIL PROTECTED]
>Network and Information (802)388-7545 ext. 236
>Systems Manager FAX:(802)388-3697
>Computer Alternatives, Inc. http://www.computeralt.com
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
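The split the quoted message asks about (a perimeter subnet for up to 14 hosts, the rest of the Class C for the internal side), worked through with variable-length masks as an added example that is not part of the original thread. The prefix 192.0.2.0/24 is a documentation range standing in for the site's real Class C, and the function names are hypothetical.

```python
import ipaddress

def usable_hosts(net):
    """Assignable addresses in a subnet (network and broadcast excluded)."""
    return max(net.num_addresses - 2, 0)

def equal_halves(block):
    """Split a block into two equal subnets (one extra mask bit)."""
    return list(ipaddress.ip_network(block).subnets(prefixlen_diff=1))

def carve(block, perimeter_hosts):
    """Return (perimeter, remainder): the smallest subnet of `block` that
    holds `perimeter_hosts`, and the rest of the block as CIDR subnets.
    IPv4 only (assumes 32-bit addresses)."""
    block = ipaddress.ip_network(block)
    # Host bits needed once network and broadcast addresses are counted.
    host_bits = max((perimeter_hosts + 1).bit_length(), 2)
    prefix = 32 - host_bits
    if prefix <= block.prefixlen:
        raise ValueError("perimeter subnet leaves no room for the internal network")
    # Take the top of the block for the perimeter so the remainder
    # starts with the largest possible contiguous subnet.
    perimeter = list(block.subnets(new_prefix=prefix))[-1]
    remainder = sorted(block.address_exclude(perimeter))
    return perimeter, remainder

if __name__ == "__main__":
    site = "192.0.2.0/24"  # constructed stand-in for the site's Class C

    # Two equal subnets: /25 each, 126 usable hosts. The figure 62 comes
    # from the older rule that reserved the all-zeros and all-ones subnets,
    # which forced two subnet bits (/26) to get two usable subnets.
    for net in equal_halves(site):
        print(f"equal split  {net}  mask {net.netmask}  hosts {usable_hosts(net)}")

    # Unequal split: a /28 perimeter plus whatever is left over.
    perimeter, remainder = carve(site, 14)
    print(f"perimeter    {perimeter}  mask {perimeter.netmask}  "
          f"hosts {usable_hosts(perimeter)}")
    for net in remainder:
        # Each leftover block is a subnet of its own with its own mask;
        # the router and firewall must support classless masks to use them.
        print(f"remainder    {net}  mask {net.netmask}  hosts {usable_hosts(net)}")
```

The remainder is not one subnet: it comes out as a /25, a /26, a /27 and a /28, so the largest single internal subnet next to a /28 perimeter holds 126 hosts.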