Here's a quick configuration I want to run by people to find out if it is
legal & will work...

              ________
            _(        )_
           (_ INTERNET _)
             (________)
              ___|___
             |   c   |
             |      -+--> 'External' router (has a globally unique IP address)
             |_a___b_|
               |   |
               |   +----------------------- Ethernet segment 'DMZ' With
               |       |   |   |   |   |    Firewall 'Bastion' hosts - Globally
               |                            unique IP addresses
             __|____
            |  d    |
            |    ---+--> 'Internal router'
            |_______|
                |
             ___|____
           _(        )_
          (_ INTERNAL _)    Internal hosts have globally unique
           (   LAN    )     Addresses (historic)
             (______)

Interface 'c' has a valid address for the world so does 'b'.

The link between interface 'a' on the external router and 'd' on the
internal router is a bit of wire - a crossed cable linking them with fast
ethernet. Is it valid to use private IP addresses on that part of the
network - Will the internal hosts be able to see the outside world OK over
that link?

I think it should as the only nodes that need to understand the private IP
addresses are the 2 routers, the fact that packets have traversed a
'private' network to get to their destination is largely irrelevant.

The other option is to subnet the global unique class C IP block for the
DMZ - but this would be a waste of IP numbers, as only 2 are required to
link the routers.

Am I missing something simple, or is this the way to do it?

Thanks,
Jonathan
----------------------------------------------------------------------------
= Jonathan Nicholson - System Administrator +44 1223 494987 (internal 4987) =
= The Sanger Centre, Wellcome Trust Genome Campus, Hinxton, Cambs, CB10 1SA =
= Email: [EMAIL PROTECTED] (Work) (finger [EMAIL PROTECTED] for PGP Key) =
----------------------------------------------------------------------------
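
The forwarding argument in the message above, modelled as an added example that is not part of the original post: two routing tables joined by a private link, with a check that forwarded packets keep their global source and destination while only the next hop is private. All addresses are constructed assumptions: documentation prefixes stand in for the site's globally unique blocks and 10.0.0.0/30 is the a-to-d link.

```python
import ipaddress as ip

RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed addressing (assumption): documentation prefixes stand in for the
# site's globally unique blocks; 10.0.0.0/30 is the private a<->d link.
#   LAN 198.51.100.0/24, DMZ 192.0.2.0/24, a = 10.0.0.1, d = 10.0.0.2
ROUTES = {
    "external": [("198.51.100.0/24", "10.0.0.2", "internal"),  # LAN via d
                 ("192.0.2.0/24", None, "dmz"),                # connected on b
                 ("0.0.0.0/0", "203.0.113.1", "internet")],    # upstream via c
    "internal": [("198.51.100.0/24", None, "lan"),             # connected
                 ("0.0.0.0/0", "10.0.0.1", "external")],       # default via a
}

def is_rfc1918(addr):
    return addr is not None and any(ip.ip_address(addr) in n for n in RFC1918)

def lookup(router, dst):
    """Longest-prefix match in one router's table -> (next_hop, next_node)."""
    d = ip.ip_address(dst)
    hits = [(ip.ip_network(p), nh, node) for p, nh, node in ROUTES[router]
            if d in ip.ip_network(p)]
    _, nh, node = max(hits, key=lambda h: h[0].prefixlen)
    return nh, node

def trace(src, dst, first_router):
    """Forward hop by hop. Routers pick a next hop; they never rewrite src/dst."""
    hops, node = [], first_router
    while node in ROUTES:
        nh, nxt = lookup(node, dst)
        hops.append((node, nh))
        node = nxt
    return {"header": (src, dst), "hops": hops, "delivered_to": node}

def private_in_header(t):
    return [a for a in t["header"] if is_rfc1918(a)]

def private_next_hops(t):
    return [(r, nh) for r, nh in t["hops"] if is_rfc1918(nh)]

if __name__ == "__main__":
    for args in (("198.51.100.10", "203.0.113.50", "internal"),   # LAN -> Internet
                 ("203.0.113.50", "198.51.100.10", "external")):  # Internet -> LAN
        t = trace(*args)
        print(t["delivered_to"], private_in_header(t), private_next_hops(t))
```

The model covers forwarded traffic only. Packets the routers originate themselves out of interface 'a' or 'd' (ICMP errors, for example) can carry a 10.0.0.x source address, which this sketch does not represent.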