Thanks for the response Martin. Maybe I wasn't clear enough. Let me rephrase everything in this email:

We currently have a firewall using a Cisco PIX server. Everything on this firewall is using a static IP of some sort. There is a range of IP addresses inside the PIX firewall that are being used for DHCP. These IP addresses aren't important since I will be using entirely new IPs for the new firewall, and will be manually configuring all the machines and IP phones to use different IP addresses. Some of the computers are using DHCP, others are using IP addresses that are hardcoded into the computers and phones. Everything gets an IP address. I want to change this. My thoughts were to put all the computers in the office behind NAT and just give them internal IP addresses using 10.30.1.0/24 with subnet of 255.255.255.0. Since the IP phones don't do NAT very well, I wanted to give them static IP addresses. I could just assign a class C to the firewall, but I think that is a waste of IPs. The office computers are only used for email and web browsing, so they don't require any ports to be forwarded to them for any reason.

Given this information, what is the best route to go to set this up? A friend suggested giving the first NIC an external IP address, and giving the second NIC both an internal address (10.30.1.1, since it will be the gateway for the office computers) as well as an external IP address, and then enable the gateway option in OpenBSD.

Patrick



Martin Gignac wrote:
What other information can I provide you to help me come up with a solution?

A quick ASCII diagram of the PIX and the subnets in front and back
might help (I'm the visual type).

The only subnet you mention with public IPs in your first e-mail is
216.139.44.142/26, in which the IPs mentioned in suggestions #2 and
#4 lie. Maybe I'm missing the point here but you obviously won't be
able to route between the two interfaces if they're on the same
subnet. Either you *do* want to perform bridging, as ropers suggested,
or then maybe I just don't have a clear picture of what's where (hence
the request for a simple ASCII diagram).

-Martin
