Christos Pelekis wrote:
Hi,
I want public IPs in DMZ. (some software requires public IPs)

I'd advise you to change your idea and choose instead private IPs on the
DMZ, using 1:1 NAT to associate every internal IP to a specific public IP.

But I understand that some applications (i.e. IPSEC, some
videoconferencing software, etc) are much harder to get working on a
NATed host, so if you really want to give the DMZ public IPs, just go on
and do it. The additional subnet is just 'routed' to you via your pppoe
connection, so you can assign that addressing to any net directly
connected to your firewall.

Remember the lowest and the highest IP in the subnet cannot be assigned
to any NIC (but you can use them for doing NAT on the firewall, if you
need), and that one IP must be assigned to the firewall (default gateway
for the DMZ): that means, for example, that a 16 IP network gives you
13 usable addresses. If you use CARP, you must reserve an IP for every
host in the cluster +1 for the virtual IP (this one becomes the default
gateway for the DMZ): so in case of a two-node CARP firewall, the number
of IPs available for assignment to hosts is SUBNET_SIZE-5.

Hope this helps,
Angelo Turetta
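
The address budget described in the message above, worked through as an added example that is not part of the original e-mail. The function name `plan_dmz`, the documentation prefix 203.0.113.0/28, and the choice to place the gateway and CARP node addresses at the low end of the range are assumptions made for illustration.

```python
import ipaddress

def plan_dmz(cidr, carp_nodes=0):
    """Split a routed DMZ subnet into firewall and host addresses.

    carp_nodes=0 means a single firewall holding one address. Otherwise each
    CARP node gets its own address and one more is reserved for the shared
    virtual IP, which becomes the DMZ default gateway.
    """
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("need an IPv4 subnet of /30 or larger")

    # hosts() already drops the lowest (network) and highest (broadcast) IP.
    assignable = list(net.hosts())
    fw_count = carp_nodes + 1 if carp_nodes else 1
    if fw_count >= len(assignable):
        raise ValueError(
            f"{net}: {fw_count} firewall addresses leave no room for DMZ hosts"
        )

    # Assumption: firewall addresses are taken from the bottom of the range.
    return {
        "network": net.network_address,
        "broadcast": net.broadcast_address,
        "gateway": assignable[0],            # firewall IP, or the CARP VIP
        "carp_nodes": assignable[1:fw_count],
        "hosts": assignable[fw_count:],      # left over for DMZ servers
    }

if __name__ == "__main__":
    # Constructed sample: a 16-address subnet from the documentation range.
    for nodes in (0, 2):
        plan = plan_dmz("203.0.113.0/28", carp_nodes=nodes)
        print(f"carp_nodes={nodes}: gateway {plan['gateway']}, "
              f"{len(plan['hosts'])} host addresses "
              f"({plan['hosts'][0]} - {plan['hosts'][-1]})")
```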

