this flexibility depends on part on the routing protocol(s)
being used, and in some instances on the platform being
used for routing. not all protocols support variable length
subnet masks, and as many people playing with gated
on various unix platforms discovered, not all unix
variants supported variable length masks. running
a routing protocol that supported variable length
masks didn't help much if the routes couldn't be
installed into the kernel...
note that it may not be a good idea to be running
a complex routing protocol, or perhaps any routing
protocol, on a firewall. if one is going to do so, one
should think hard about the security issues of doing
so.
-paul
--On Thursday, 17 August, 2000 14:13 -0400 "Michael T. Babcock"
<[EMAIL PROTECTED]> wrote:
> Subnetting is much more flexible than you would lead one to believe. I
> can re-subnet any subnet if I wish to, for example.
>
> I may have 10.0.0.0/8 as my enterprise level network, and decide to
> allocate 10.1.0.0/16 and 10.2.0.0/16 to my Russian and Ukraine networks,
> in that order.
> I would then give the Canadian group the 10.[3-127].0.0/16 networks to
> work with.
>
> One of those Candian groups may decide to give accounting 10.3.12.0/24
> ... and segment them from the network via a firewall, etc.
>
> Its all routing issues after you make these decisions.
>
> ----- Original Message -----
> From: "Amit Kaushal" <[EMAIL PROTECTED]>
>
>>
>> You are using a class A address with a wrong subnet mask. the
>> subnet mask should be 255.0.0.0. Make sure you require such a huge
>> IP
> address
>> range for your private network. Use class C if you need a smaller
>> address space. like 192.X.X.X. depends on your network.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
