Mason,
Actually, with just a slight modification, you could easily
number your internal address space with the class 'B' RFC 1918
sized chunks you referred to. This saves registered address space,
allowing you to use that for DMZ, external-facing proxy NICs
and internal WAN link on a /30 bit boundary. Just make sure the
address trans don't choke the chokes. Okay... bad joke, but you get the
picture.
piranha...
>From: [EMAIL PROTECTED]
>To: <[EMAIL PROTECTED]>
>Subject: My FreeBSD Firewall
>Date: Mon, 29 Jan 2001 21:52:34 -0500
>
>Hello. I am building a firewall and have some questions about how to
>implement it. The basic firewall is a FreeBSD box running squid for
>transparent proxy, IPFW for dummynet to rate limit SYNs, and IPF as my
>main stateful packet filter. The problem I have is with putting this into
>production. I have a T1 to the internet, the router's IP address is
>172.16.1.1 (well, not really, but it works for the example) and all of the
>computers on the LAN are in the 172.16.1.0 (once again, only for the
>example) network. So here I get to the question... is there any way to set
>the firewall with the same IP address as the router to make the install
>fairly transparent to the users? Could I set the firewall up as 172.16.1.1
>and use NAT to let it communicate with the router for internet traffic?
>How would I set up my routing tables? Also, if anyone has any input as far
>as how I am building my firewall, that would be very appreciated.
>
>Thank you,
>Mason
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
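An added example, not part of the original thread: a small Python address-plan check for the layout the reply suggests, with the LAN numbered from RFC 1918 space and the registered block carved into a /30 router-to-firewall link plus a DMZ. The registered block 192.0.2.0/24 (a documentation range), the /28 DMZ size, and the function names are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private ranges; 172.16.0.0/12 holds the class-B-sized chunks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr is private space and so must be translated before leaving."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_plan(internal, registered):
    """Reject plans where the LAN is not RFC 1918 or the outside block is private."""
    lan = ipaddress.ip_network(internal)
    pub = ipaddress.ip_network(registered)
    if not any(lan.subnet_of(net) for net in RFC1918):
        raise ValueError(f"{lan} is not inside RFC 1918 space")
    if any(pub.overlaps(net) for net in RFC1918):
        raise ValueError(f"{pub} overlaps RFC 1918 space")
    return lan, pub


def carve(registered, dmz_prefix=28):
    """Split the registered block: first /30 is the router<->firewall link,
    the first non-overlapping /dmz_prefix is the DMZ (sizes are assumptions)."""
    block = ipaddress.ip_network(registered)
    link = next(block.subnets(new_prefix=30))
    dmz = next(s for s in block.subnets(new_prefix=dmz_prefix)
               if not s.overlaps(link))
    router, fw_outside = list(link.hosts())  # a /30 has exactly two usable hosts
    return {"link": link, "router": router, "fw_outside": fw_outside, "dmz": dmz}


if __name__ == "__main__":
    # Constructed sample values: the 172.16.1.0 LAN from the thread, assumed /24,
    # and a documentation block standing in for the registered space.
    lan, pub = check_plan("172.16.1.0/24", "192.0.2.0/24")
    plan = carve(str(pub))
    print("LAN (NAT at firewall):", lan)
    for name, value in plan.items():
        print(f"{name:11} {value}")
```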