"Scott I. Remick" wrote:
> 
> Now, if I could subnet for up to 14 hosts on the perimeter network, and
> leave... what, 182? hosts on the internal network... that would be
> ideal.  But I'm out of my league trying to figure out if such a thing is
> possible.  Is it?  How?

If your firewall does Proxy ARP and dynamic subnetting, it's 
definitely possible.
In essence, you add one /24 route to the internal network, and
14 separate (or one aggregate /28 route) to the perimeter hosts.

All machines would then be configured with the same network
info (255.255.255.0 netmask), and the firewall would be answering
ARP queries (with its own MAC address) for machines "on the other 
side of the firewall".

I'm doing it all the time, and it works like a charm.

-- 
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-29 92 00         Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se        E-mail: [EMAIL PROTECTED]
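
The proxy ARP decision described in the reply above, sketched as an added example (not part of the original message, and not any firewall product's code). The 192.0.2.0/24 addressing, the interface names and the sender check are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing from the RFC 5737 documentation range.
# One /24 route to the internal side, one aggregate /28 to the perimeter.
ROUTES = [
    (ipaddress.ip_network("192.0.2.0/24"), "internal"),
    (ipaddress.ip_network("192.0.2.16/28"), "perimeter"),
]


def egress_interface(ip):
    """Longest-prefix match over ROUTES; None when no route covers ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, ifname) for net, ifname in ROUTES if addr in net]
    return max(matches)[1] if matches else None


def proxy_arp_reply(arrival_if, sender_ip, target_ip):
    """Should the firewall answer 'who-has target_ip' with its own MAC?

    Every host uses a 255.255.255.0 netmask, so it ARPs directly for any
    address in the /24, including hosts behind the firewall.
    """
    out_if = egress_interface(target_ip)
    if out_if is None or out_if == arrival_if:
        # No route, or the target is on the same segment as the asker:
        # stay silent and let the real host answer for itself.
        return False
    # Assumed hardening step: only answer when the sender's address is
    # routed to the interface the request arrived on (basic spoof check).
    return egress_interface(sender_ip) == arrival_if


def perimeter_host_count():
    """Usable host addresses inside the aggregate perimeter route."""
    return len(list(ROUTES[1][0].hosts()))


if __name__ == "__main__":
    for case in [
        ("internal", "192.0.2.100", "192.0.2.20"),   # inside asks for DMZ host
        ("internal", "192.0.2.100", "192.0.2.101"),  # inside asks for inside
        ("perimeter", "192.0.2.20", "192.0.2.100"),  # DMZ asks for inside host
        ("perimeter", "192.0.2.100", "192.0.2.20"),  # sender on wrong side
    ]:
        print(case, "->", proxy_arp_reply(*case))
    print("perimeter hosts:", perimeter_host_count())
```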