It depends on what IP address (private or public) you want to use in your DMZ.
 
- If you use private IP for servers in DMZ and then static mapping on the firewall, you do not need to split your public IP.
 
- If you use public IP for servers and nat 0 (Cisco term) on the firewall, you need to split your public IP into two subnets, since the firewall's interfaces should not be in the same network. With this configuration, you lose some available IP addresses, since some of them become network address and network broadcast address.
 
Hope this helps.
Fei.
-----Original Message-----
From: Gustavo Ritondale [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 28, 2002 11:30 AM
To: [EMAIL PROTECTED]
Subject: Configuration problem

I have CDN access with 16 IP addresses. (subnet mask 255.255.255.240)
I need a DMZ for servers and NAT for private LAN.
I'll use ipchains firewall with 3 NICs.
 
Router = xxx.xxx.xxx.209
 
My question is: Should I divide (split) my 16 public addresses into 2 subnets (with subnet mask = 255.255.255.248)
like         xxx.xxx.xxx.208 - xxx.xxx.xxx.215
              xxx.xxx.xxx.216 - xxx.xxx.xxx.223
or can I leave the subnet mask unchanged and install the firewall on xxx.xxx.xxx.210?
 
Thanks, GLR
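
The split option discussed in this thread, worked through as an added example (not part of either message). The elided prefix is replaced by the documentation range 203.0.113.0/24, which is a constructed value, and `plan_split` and the choice of the first free address for each firewall interface are assumptions made for illustration.

```python
import ipaddress

def plan_split(block, router):
    """Split a public block in half: the half holding the router stays
    outside the firewall, the other half becomes the public-IP DMZ."""
    net = ipaddress.ip_network(block)
    router = ipaddress.ip_address(router)
    if router not in net:
        raise ValueError("router is not inside the block")

    halves = list(net.subnets(prefixlen_diff=1))      # /28 -> two /29
    outside = next(h for h in halves if router in h)
    dmz = next(h for h in halves if h != outside)
    if router in (outside.network_address, outside.broadcast_address):
        raise ValueError("router address is unusable after the split")

    # hosts() already excludes each subnet's network and broadcast address
    outside_hosts = [h for h in outside.hosts() if h != router]
    dmz_hosts = list(dmz.hosts())

    usable_before = net.num_addresses - 2
    usable_after = sum(h.num_addresses - 2 for h in halves)
    return {
        "outside": outside,
        "dmz": dmz,
        "mask": str(dmz.netmask),
        "fw_outside": outside_hosts[0],   # assumption: first free address
        "fw_dmz": dmz_hosts[0],           # assumption: first DMZ address
        "servers": dmz_hosts[1:],         # what is left for DMZ servers
        "lost": usable_before - usable_after,
    }

if __name__ == "__main__":
    # Constructed sample: same last octets as the thread, placeholder prefix
    plan = plan_split("203.0.113.208/28", "203.0.113.209")
    print("outside subnet :", plan["outside"], "mask", plan["mask"])
    print("firewall eth0  :", plan["fw_outside"])
    print("DMZ subnet     :", plan["dmz"])
    print("firewall eth1  :", plan["fw_dmz"])
    print("DMZ servers    :", ", ".join(str(s) for s in plan["servers"]))
    print("addresses lost :", plan["lost"])
```

With this layout the upstream router still treats the whole /28 as directly connected, so it needs a route for the DMZ /29 via the firewall's outside address, or the firewall has to answer ARP for the DMZ addresses on its outside interface.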
