RE: [gb-users] IP pass through

Thu, 07 Feb 2002 09:59:55 -0800 


> > > I understand that this is not the easiest thing to do and I
> > > look through the
> > > archives but could not find anything to help me.
> > >
> > > external interface 209.52.124.113 netmask 255.255.255.240
> > > default gateway 209.52.124.126
> > >
> > > I want to locate an ip 209.52.124.124 behind the firewall.
> > > Do I need to
> > > adjust the netmask for the external interface?  I was sort of
> > > thinking that
> > > it could work with a netmask of 255.255.255.248 which would
> > > produce a range
> > > of 113-118 and 124 would be on a different network.  But if I
> > > did that I
> > > don't know how to get the external interface to see the 
> > > default route
> >
> > Is it possible to change your EXT IP address to something
> > higher?  Other than that I don't think this will work
> > unless you get your ISP to allocate a range of IP
> > addresses that is more amenable to this type of subnetting.
> 
> Higher within the existing range....yes it could got to 
> anything between
> .116 and .123
> [...]
> [T]he machine has a VPN client that allows us access to a supplier
> network (it is manually keyed)


If you use an address between 209.52.124.121 and 209.52.124.125
with a netmask of 255.255.255.248, then the EXT address of the
GNAT Box would be on the same subnet as the router, and the
remaining subnet (209.52.124.113 - 209.52.124.118 with a netmask
of 255.255.255.248) could be used as the DMZ subnet.

In order for this to work:
1.  You would have to be able to change the VPN client's IP
    address to be in the lower subnet.
2.  You would need to change the subnet mask on the router
    and add a static route to the lower subnet.  The gateway
    to the lower subnet would be the IP address that you
    assigned to the GNATBox EXT.


Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to