Vieri Di Paola wrote:
>My network is 10.215.0.0/255.255.0.0.
>I set it up this way for convenience only. Actually, all my hosts
>are within 10.215.144-147.xxx and 10.215.246-248.xxx (shorewall zone
>'loc').
>
>I have a router linking me to another location (shorewall zone net2)
>where there are other hosts within, say, 10.215.0.xxx and
>10.215.147.xxx (and more).
Unfortunately, that is a broken network. You will *always* have problems as long as you leave it like that. Rule #1 of IP addressing: all addresses must be globally* unique, and that means all subnets must be non-overlapping.

By far the best way to deal with it is to renumber one or other of the networks. 10.215.246.0/22 covers 10.215.246.0 to 10.215.247.255, so if that is enough for that network then it would allow you to renumber without having to change IP addresses on many of your devices - you'd only need to change the router (if it's not already in that range) and the netmask. That does simplify things, plus you can get away with parallel running (with some devices on the /16 and some on the /22 mask) while you are sorting things out - provided all IPs are actually within the same /22.

Going to a 21 bit mask gives you 10.215.240-247.x, 20 bits gives you 10.215.240-255.x.

Alternatively, you may have to consider introducing a layer of NAT between the two networks. I can't remember how to do it, but it's possible to map one range to a different range while keeping the addressing unique. E.g., you could map the second network so that you see it as 10.216.x.y from your first network - where x.y is retained by a 1:1 mapping between address ranges.

* In these days of NAT (NAT==broken), change that to "all addresses must be globally unique from your point of reference" - which means any networks you have to communicate with (and which aren't NATed from you) must have unique addresses.

--
Simon Hobson

Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books.
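The overlap problem and the 1:1 range mapping discussed in this thread, as an added example that is not part of either poster's message: it shows why remote hosts inside the local /16 are never sent to the router, and how a prefix swap keeps x.y while making the remote range unique. The host addresses are constructed samples and the function names are hypothetical.

```python
import ipaddress

# Ranges named in the thread; the individual host addresses are constructed.
LOCAL_NET = ipaddress.ip_network("10.215.0.0/16")    # 'loc' as configured
REMOTE_REAL = ipaddress.ip_network("10.215.0.0/16")  # 'net2' as really numbered
REMOTE_SEEN = ipaddress.ip_network("10.216.0.0/16")  # 'net2' as seen after mapping
REMOTE_HOSTS = ["10.215.0.10", "10.215.147.20"]      # constructed hosts in 'net2'


def ambiguous_hosts(local_net, remote_hosts):
    """Remote hosts that the local netmask claims are on-link.

    A local machine will ARP for these instead of using the router,
    so traffic to them never leaves the local segment.
    """
    return [h for h in remote_hosts if ipaddress.ip_address(h) in local_net]


def map_1to1(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (x.y is retained)."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{addr} is outside {src_net}")
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))


def unmap_1to1(addr, src_net, dst_net):
    """Reverse direction: what the NAT device does before forwarding."""
    return map_1to1(addr, dst_net, src_net)


if __name__ == "__main__":
    print("overlap before mapping:", LOCAL_NET.overlaps(REMOTE_REAL))
    print("unreachable via router:", ambiguous_hosts(LOCAL_NET, REMOTE_HOSTS))
    for real in REMOTE_HOSTS:
        seen = map_1to1(real, REMOTE_REAL, REMOTE_SEEN)
        print(f"{real} is addressed from 'loc' as {seen}")
    print("overlap after mapping:", LOCAL_NET.overlaps(REMOTE_SEEN))
```
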
