Charles Galpin wrote:
> A friend of mine does this, but with a FreeBSD firewall/router. Seems to
> have a very easy to understand routing/forwarding syntax - I guess the
> equivalent of ipchains. I don't know the details, but I'm also hoping one
> of the network gurus on the list will pipe up and explain how this can be
> done with linux.
>
> charles
>
> On Tue, 22 Aug 2000, Patrick May wrote:
>
> > I assume you are looking at something along the lines of:
> >
> > DSL Bridge -> Router/Firewall -> Private LAN
> > -> DMZ with servers
> >
Hmmm, I was going to say this is not a big deal, but as I started thinking about it, it is a little different. The reason it gives me problems is that there will be portions of the DSL/leased network on two NICs. We have static DSL at the office but I am not currently using but one of the addresses. Let's put some numbers to this and see if a guru will step in and help.

Given a network (warning: this is probably real address space so don't use these numbers!):
192.156.0.0/29
This is a network with 8 host addresses in the range of 192.156.0.0 - 192.156.0.7; they would be allocated as follows:
192.156.0.0 network number
192.156.0.7 subnet broadcast
192.156.0.1-192.156.0.6 hosts on subnet
Now one of these will be the gateway machine the firewall will look at; let's call it 192.156.0.1. I don't know enough about ATM to know if this is the modem or a router on the other side of the modem. Makes no difference AFAICS.

Now this leaves 5 addresses for the subscriber's hosts. Sound familiar?
Now the firewall will have three NICs, right? This is where I get lost.

eth0 - 192.156.0.2 # connected to the DSL modem. What is the network number for this, 192.156.0.0/29? BTW the netmask would be 255.255.255.248. This interface needs to have routing set up as default and route to host 192.156.0.1 and of course itself, 192.156.0.2.

eth1 - 192.156.0.3 # same deal as eth0, only now we need to route packets to 192.156.0.3 - 192.156.0.6 (this leaves 3 addresses for exposed machines, 192.156.0.4-192.156.0.6).

eth2 - 192.168.0.1 on network 192.168.0.0/24 (internal private network)
The issue as I see it is that eth0 and eth1 need to be on the same network, but this may not be a problem; I just have never done it. My guess is that the routing tables would have routes to the gateway host on eth0 and a network route on eth1.

How 'bout it, gurus, will this work?
If this is way off base I apologize to the readers and have only wasted 30 min. trying to think this through. The other way would be to place another firewall between the DMZ and the private network:

dsl modem --- external firewall ---- dmz network ----- internal firewall ------ private net

Having written this, you still have the problem of two interfaces on the same network on the external firewall.
If you tried to subnet the subnet in this scenario, you use up all the addresses on the firewall interfaces. I guess subnetting the first scenario would result in one open address for the DMZ machine.

Whew, sorry, I got started now. I hope this helps get some discussion going.
Bret
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
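The address arithmetic in Bret's post, worked through as an added example (not code from the thread or from any list member). It uses the post's own numbers, 192.156.0.0/29 for the public block and 192.168.0.0/24 for the private LAN, and lays out both of his variants: the "flat" one where eth0 and eth1 share the /29, and the "subnet the subnet" one where the /29 is cut into two /30s. The route table it builds is my own illustration of how the flat layout can be made to work on Linux: the whole /29 and the default route sit on eth0, and the three exposed machines get /32 host routes on eth1, so longest-prefix matching sends their traffic out the DMZ side. The `ip route` lines are produced as strings only and never executed.

```python
"""Address plan and routing for a /29 split across a three-NIC Linux firewall.

Added example for the thread above. The 192.156.0.0/29 block is the one
quoted in the post (treated here purely as sample numbers); the interface
roles (eth0 modem side, eth1 DMZ side, eth2 private LAN) follow the post.
"""
import ipaddress

PUBLIC_BLOCK = "192.156.0.0/29"    # block from the post
PRIVATE_BLOCK = "192.168.0.0/24"   # internal private network behind eth2


def flat_plan(block=PUBLIC_BLOCK):
    """First layout in the post: eth0 and eth1 both carry addresses in one /29."""
    net = ipaddress.ip_network(block)
    hosts = list(net.hosts())               # .1 - .6 for a /29
    return {
        "network": str(net.network_address),     # .0
        "broadcast": str(net.broadcast_address), # .7
        "gateway": str(hosts[0]),                # .1, upstream router/modem side
        "eth0": str(hosts[1]),                   # .2, faces the DSL modem
        "eth1": str(hosts[2]),                   # .3, faces the DMZ segment
        "dmz_hosts": [str(h) for h in hosts[3:]],  # .4 - .6 exposed machines
    }


def subnetted_plan(block=PUBLIC_BLOCK):
    """Second layout: cut the /29 into two /30s, one per public interface.

    Each /30 has only two usable addresses, so the DMZ /30 is consumed by
    eth1 plus a single exposed machine, exactly the "one open address"
    the post expects.
    """
    net = ipaddress.ip_network(block)
    link, dmz = list(net.subnets(new_prefix=30))
    link_hosts = list(link.hosts())         # .1, .2
    dmz_hosts = list(dmz.hosts())           # .5, .6
    return {
        "link_net": str(link),
        "gateway": str(link_hosts[0]),      # .1
        "eth0": str(link_hosts[1]),         # .2
        "dmz_net": str(dmz),
        "eth1": str(dmz_hosts[0]),          # .5
        "dmz_hosts": [str(h) for h in dmz_hosts[1:]],  # only .6 is left
    }


def flat_routes(plan):
    """Route table for the flat plan as (destination, device, next hop) tuples.

    Both public NICs share the /29, so the exposed machines get /32 host
    routes on eth1; everything else in the /29, and the default route,
    go out eth0 toward the gateway.
    """
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "eth0", plan["gateway"]),
        (ipaddress.ip_network(PUBLIC_BLOCK), "eth0", None),
        (ipaddress.ip_network(PRIVATE_BLOCK), "eth2", None),
    ]
    for host in plan["dmz_hosts"]:
        routes.append((ipaddress.ip_network(host + "/32"), "eth1", None))
    return routes


def egress_interface(routes, destination):
    """Pick the outgoing device by longest-prefix match, as the kernel does."""
    addr = ipaddress.ip_address(destination)
    best = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


def as_ip_route(routes):
    """Render the table as iproute2 commands (strings only, not executed)."""
    lines = []
    for net, dev, via in routes:
        target = "default" if net.prefixlen == 0 else str(net)
        hop = f" via {via}" if via else ""
        lines.append(f"ip route add {target}{hop} dev {dev}")
    return lines


if __name__ == "__main__":
    plan = flat_plan()
    for line in as_ip_route(flat_routes(plan)):
        print(line)
    print("subnetted:", subnetted_plan())
```

One caveat for the flat layout that the route table alone does not solve: the exposed machines still carry the /29 netmask, so they will ARP on the DMZ segment for 192.156.0.1 and 192.156.0.2, which actually live on the eth0 side; the firewall has to answer those ARP requests on eth1 (proxy ARP) for the traffic to reach it. The subnetted layout avoids that at the cost of the addresses the post counts up.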