Dan, Road Runner does not allow static IP's but I can work around that since they seem to lease for life unless you reset the cable modem. I wanted to use a 3rd nic in the lrp box to avoid using a port on the hub. Can I do what you suggest using an ip in the same range as Subnet 1 for eth2 and the attached DMZ machine? I didn't think it was easy to route that way. Shows how little I know.
Kory Dan Schwartz wrote: > > Dear Kory, > > It seems you're in "subnet hell." > > Since you'll only have one machine in the DMZ (ass opposed to a whole bunch > of failover OpenVMS clusters(!)), what you want to do is set: > > The WAN side to either a static IP assigned by your ISP or to acquire a > "real" IP address from them; > > The "regular LAN" (hub) side of your gateway/router to 192.168.1.1, > connecting to all of your PC's & Macs; > > The machine connected to the DMZ port to 192.168.1.2 > > This way, all of your "home PC's" will have IP addresses between 192.168.1.3 > and 192.168.1.250; > > And all machines will have subnet masks of 255.255.255.0 > > ...With gateway of 192.168.1.1 > > ...Then, the LEAF box will take care of the rest! > > Cheers! > Dan > > PS: K.I.S.S.: Keep It Simple, S**thead! <vbg> > > >-----Original Message----- > >From: Kory Krofft > >Subject: Re: [Leaf-user] adding a subnet > > > > > >Dan, > > > >Thanks for the response. > > > > > >> Do you have the subnet set to 255.255.248.0 or wider across all > >the machines > >> across the LAN & DMZ? > >All subnet masks are 255.255.255.0 Is that OK? > > > >> Instead, I usually use 192.168.1.x for the internal LAN > >and 192.168.0.x for > >> the DMZ zone; with a "double-C" subnet of 255.255.254.0. > >> > >> If I only have one server in the DMZ - Better since it's > >easier to harden a > >> single machine - I assign it 192.168.1.2, and the rest of the > >machines inside > >> the firewall 192.168.1.3 through ...250. > > > >The DMZ will be a single machine. Primarily a game server and FTP server > >for tranferring files from work to home and back that are too large to > >email. I am confused be your response where you say 192.168.0.x for the > >DMZ but later say you assigned it 192.168.1.2. What am I missing? > >My main subnet is all using fixed IPs of 192.168.1.x. This consists of a > >houseful of Win 98 machines used for email and web access primarily. The > >DMX is a Redhat machine. > > > >Thanks, > > > >Kory > >> Hope this helps! > >> Dan > >> > >> >-----Original Message----- > >> >From: Kory Krofft > >> >Sent: Tuesday, December 25, 2001 4:09 PM > >> >To: [EMAIL PROTECTED] > >> >Subject: [Leaf-user] adding a subnet > >> > > >> > > >> >Merry Christmas! > >> >I am adding a subnet so I can later open it up as a DMZ. I have made > >> >some progess so far. Using Dachstein floppy my plan looks like this: > >> >eth0 Public side of the lrp > >> >eth1 private net 1 using 192.168.1 subnet > >> >eth2 private net 2 (DMZ) using 192.168.10 subnet > >> > > >> >LRP can ping both subnets > >> >subnets cannot ping each other > >> >192.168.10 cannot ping anything > >> >192.168.1 has full internet access but cannot ping past firewall(name > >> >resolution works) > >> > > >> >Assume the simplest errors and send me a note please. If you wish to see > >> >a particular config file just ask and I will post the pertinent section. > >> > > >> >Thank you, > >> > > >> >Kory Krofft > > > > > >_______________________________________________ > >Leaf-user mailing list > >[EMAIL PROTECTED] > >https://lists.sourceforge.net/lists/listinfo/leaf-user > > _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
