From owner-freebsd-questions  Fri Nov  1 18:31:23 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id SAA04206
          for questions-outgoing; Fri, 1 Nov 1996 18:31:23 -0800 (PST)
Received: from salsa.habaneros.com (salsa.habaneros.com [207.34.140.99])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA04184
          for <questions@freebsd.org>; Fri, 1 Nov 1996 18:31:16 -0800 (PST)
Received: from ppp01.habaneros.com (jalapeno.habaneros.com [207.34.140.98]) by salsa.habaneros.com (8.7.6/8.7.3) with SMTP id SAA07567 for <questions@freebsd.org>; Fri, 1 Nov 1996 18:31:02 -0800 (PST)
Received: by ppp01.habaneros.com with Microsoft Mail
	id <01BBC822.97F241A0@ppp01.habaneros.com>; Fri, 1 Nov 1996 18:29:18 -0800
Message-ID: <01BBC822.97F241A0@ppp01.habaneros.com>
From: "Neil C. Jensen" <njensen@salsa.habaneros.com>
To: "'questions@freebsd.org'" <questions@freebsd.org>
Subject: routing / firewall question
Date: Fri, 1 Nov 1996 18:29:17 -0800
Encoding: 35 TEXT
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I've seen similiar questions to this, but could not find a definitive 
answer in the archives....

I have 32 IP addresses subnetted from a class C. I presently have the 
following setup:

[ Internet ] <-------------------> Router <-------------------------> real 
& virtual servers
	       ISDN       xxx.xxx.xxx.97    ethernet          xxx.xxx.xxx.98-126


I would like to add a firewall using TIS's fwtk (for telnet and ftp) and 
perhaps the CERN HTTP proxy server (or Apache 1.2 proxy when it is 
released). The network will then look like:

                  ISDN             ethernet              ethernet
[ Internet ] <-------> Router <--------> Firewall <--------> My machines


Where I get confused is at the Firewall. My understanding is that the two 
network interfaces must be on separate subnets. How can I address the two 
interfaces on the firewall and still retain the maximum number of IP 
address for the rest of my machines? (I saw some mail in the archives about 
using private addresses between the router and firewall, but apparently 
this does not work with the proxy servers on the firewall).

On a related question, just to make sure I understand this correctly; does 
the CERN proxy server reside on the firewall, instead of using fwtk's 
http-gw?

Many thanks in advance.

Neil Jensen
Habanero Studios Ltd.
Vancouver, Canada