Date: Fri, 2 Oct 1998 09:06:08 -0700 (PDT)
From: David Wolfskill
Message-Id: <199810021606.JAA15209@pau-amma.whistle.com>
To: jooji@webnology.com, questions@FreeBSD.ORG
Subject: Re: Firewall with 2 NIC and a NET class C

>Date: Fri, 2 Oct 1998 08:56:43 -0500 (CDT)
>From: "Jasper O'Malley"

>> _Building Internet Firewalls_, Ch. 4, p. 90
>> D. Brent Chapman & Elizabeth D. Zwicky

>That's fine and well, but how old is that book? RFC 1597 was
>obsoleted by RFC 1918 in February, 1996. What rationale do the
>authors employ for suggesting that registered IP addresses behind the
>firewall will be "setting yourself up for later problem[s]?"

My copy isn't at hand, but I believe that one such potential problem is
a side-effect of corporate mergers and acquisitions -- Yet Another
annoying thing to consider (along with the myriads of other issues) is
overlap among RFC 1918 address ranges.... Ensuring that all networks
are registered avoids that particular issue.

Also, I've heard that there's a new edition in the works....

david
--
David Wolfskill UNIX System Administrator
dhw@whistle.com voice: (650) 577-7158 pager: (650) 371-4621