On Wednesday 22 October 2003 02:26 am, Erich Titl wrote:
> Hi
>
> I am deploying Bering 1.2 systems as firewalls/VPN tunnel endpoints to
> build what they call extruded subnets in freeswan jargon
> Here a little bit of ASCII art
>
> client net
> 10.230.60.0/24 (for historical reasons)
> ¦
> 10.230.60.1 Bering / customer VPN endpoint
> xx.xx.xx.xx (any old public address)
>
> internet
>
> xx.xx.xx.xx (any old public address)
> Bering / outer firewall / NAT / VPN endpoint
> 192.168.180.1
>
> DMZ 192.168.180.0/23
>
> 192.168.180.2
> Bering / inner firewall / 2 or 3 NICs
> 192.168.52.1-------------
>
> | internal subnet
> | 192.168.52.0/22

Your largest problem is going to be routing unless the router is on a
192.168.0.0/16 subnet. Your NetBIOS traffic can't be routed on a /24
or through the second stage of NAT (between the DMZ/internal net)
without NAT-transversal.

--
~Lynn Avants
Linux Embedded Appliance Firewall Developer
http://leaf.sourceforge.net
http://guitarlynn.homelinux.org:81