From owner-freebsd-questions Fri Nov 1 18:31:23 1996
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3)
    id SAA04206 for questions-outgoing; Fri, 1 Nov 1996 18:31:23 -0800 (PST)
Received: from salsa.habaneros.com (salsa.habaneros.com [207.34.140.99])
    by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id SAA04184 for ;
    Fri, 1 Nov 1996 18:31:16 -0800 (PST)
Received: from ppp01.habaneros.com (jalapeno.habaneros.com [207.34.140.98])
    by salsa.habaneros.com (8.7.6/8.7.3) with SMTP id SAA07567 for ;
    Fri, 1 Nov 1996 18:31:02 -0800 (PST)
Received: by ppp01.habaneros.com with Microsoft Mail
    id <01BBC822.97F241A0@ppp01.habaneros.com>; Fri, 1 Nov 1996 18:29:18 -0800
Message-ID: <01BBC822.97F241A0@ppp01.habaneros.com>
From: "Neil C. Jensen"
To: "'questions@freebsd.org'"
Subject: routing / firewall question
Date: Fri, 1 Nov 1996 18:29:17 -0800
Encoding: 35 TEXT
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I've seen similar questions to this, but could not find a definitive answer in the archives....

I have 32 IP addresses subnetted from a class C. I presently have the following setup:

    [ Internet ] <-------------------> Router <-------------------------> real & virtual servers
                        ISDN        xxx.xxx.xxx.97       ethernet         xxx.xxx.xxx.98-126

I would like to add a firewall using TIS's fwtk (for telnet and ftp) and perhaps the CERN HTTP proxy server (or Apache 1.2 proxy when it is released). The network will then look like:

                    ISDN              ethernet              ethernet
    [ Internet ] <-------> Router <--------> Firewall <--------> My machines

Where I get confused is at the Firewall. My understanding is that the two network interfaces must be on separate subnets. How can I address the two interfaces on the firewall and still retain the maximum number of IP addresses for the rest of my machines?
(I saw some mail in the archives about using private addresses between the router and firewall, but apparently this does not work with the proxy servers on the firewall).

On a related question, just to make sure I understand this correctly; does the CERN proxy server reside on the firewall, instead of using fwtk's http-gw?

Many thanks in advance.

Neil Jensen
Habanero Studios Ltd.
Vancouver, Canada