Oh, I think what you want to do is use unregistered IP
addresses behind the firewall.
RFC1918 set aside some ranges of addresses for use as
unregistered IP addresses. They are:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Which essentially breaks down as a Class "A" subnet, 16 Class "B"
subnets, and 256 Class "C" subnets.
Depending on how much growth you project you can choose one of
these address ranges (for example, you might choose to assign
addresses from the 192.168.1.0/255.255.255.0 subnet to hosts
on your LAN). You also assign one address from this subnet
to the GNAT Box PRO interface.
Then you give the GNAT Box EXT interface one of the IP addresses
that your ISP gave you (ie, 210.240.164.130).
The GNAT Box will NAT all traffic coming out of the
Protected Network (your LAN) so that it appears to have
come from the GNAT Box EXT address.
If you have Webservers, FTP Servers, and so on then you also
want to set up a PSN (DMZ) network. Just choose another
range of addresses from the RFC1918 list shown above
(ie, 192.168.2.0/255.255.255.0) and assign addresses from
this range to the GNAT Box PSN interface and to your
Internet servers. Use another hub (not your LAN hub!!)
to connect the Internet servers to the PSN.
Follow the directions in the GNAT Box documentation to
tunnel HTTP, FTP, etc. to your Internet servers.
One thing you may have realized if you are still with me
is that unless you have a LOT of Webservers and FTP servers,
you have way more IP addresses than you need. Since the
Network Address Translation allows all the machines on your
LAN to use the same IP address on the Internet, you may be
able to save a few bucks by trading your range of IP addresses
in for a smaller set.
Finally, if you are running your own mail server you should
use the GNAT Box email proxy to proxy incoming SMTP (email)
connections to your email server.
Mike Burden
Lynk Systems
(616)532-4985
[EMAIL PROTECTED]
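
An added example, not part of the original message and not GNAT Box code: a small Python check of the addressing plan described above (RFC 1918 subnets on the PRO and PSN interfaces, an ISP-assigned address on EXT). The function names and the `.1` interface addresses are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 private blocks listed in the message above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(net):
    """True if the whole network sits inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def check_plan(ext_ip, segments):
    """Return a list of problems in a NAT firewall addressing plan.

    segments maps a segment name to (subnet, firewall_interface_ip).
    """
    problems = []
    ext = ipaddress.ip_address(ext_ip)
    if any(ext in block for block in RFC1918):
        problems.append(f"EXT {ext} is RFC 1918, not Internet-routable")
    seen = {}
    for name, (subnet, iface) in segments.items():
        net = ipaddress.ip_network(subnet)  # accepts a.b.c.d/netmask form
        ip = ipaddress.ip_address(iface)
        if not is_rfc1918(net):
            problems.append(f"{name} {net} is outside the RFC 1918 ranges")
        if ip not in net:
            problems.append(f"{name} interface {ip} is not in {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} interface {ip} is not a host address")
        # A routing (non-bridging) firewall needs a distinct subnet per interface.
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{name} {net} overlaps {other} {other_net}")
        seen[name] = net
    return problems


# Constructed plan using the example subnets and EXT address from the
# message; the .1 interface addresses are assumptions.
PLAN = {
    "PRO": ("192.168.1.0/255.255.255.0", "192.168.1.1"),
    "PSN": ("192.168.2.0/255.255.255.0", "192.168.2.1"),
}

if __name__ == "__main__":
    print(check_plan("210.240.164.130", PLAN) or "plan OK")
```
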
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bryan T. Schmidt
Sent: Friday, July 14, 2000 3:28 PM
To: John Ross
Cc: [EMAIL PROTECTED]
Subject: Re: howto route?
Oh, I have the light version, and am testing it, but my difficulty is
conceptual... normally, all network interfaces are attached to different
networks, but what I am looking for is more akin to a bridging firewall. I do
not know how to put the same network addresses on two different interfaces, or
even if that is a good way to approach it...
-Bryan
John Ross wrote:
> Why don't you download the demo version or the light version and try to set
> it up yourself? Actually implementing what you have described is probably
> much easier than you think.
>
> -John
--
Bryan T. Schmidt
Systems/Network Administrator
[EMAIL PROTECTED]
Profitool Inc.