Date: Wed, 15 May 1996 12:02:22 -0700 (PDT)
From: "Jonathan M. Bresler" <jmb>
To: nate@sri.MT.net (Nate Williams)
Cc: wollman@lcs.mit.edu, kristyn@gnu.ai.mit.edu, questions@FreeBSD.ORG
Subject: Re: Networking / Routing question
Message-ID: <199605151902.MAA13913@freefall.freebsd.org>
In-Reply-To: <199605151555.JAA19142@rocky.sri.MT.net> from "Nate Williams" at May 15, 96 09:55:09 am
Nate Williams wrote:
> Background:
>
> I will have a 32 host IP subnet, where I am using about 23 IP addresses
> right now. I'd like to add a firewall box on one end of the link
> connected to the router. So, I have 2 machines on one subnet, and the rest
> of my network on the other subnet.
>
>                   ethernet             ethernet
> [ Internet ] <--> Router <--------> Firewall <--------> My machines
>
> Since I only have 32 IP addresses available I don't want to waste any IP
> addresses if I can help it, especially considering I expect to use a few
> more addresses beyond the 23 I have now.
>
> Since I have two ethernet segments, I must have two different subnets,
> but I don't see any easy solution to the problem. It would be nice if I
> could use the ethernet segment as a point-to-point connection in this case
> (for latency & BW ethernet is the cheapest way to go).
>
> What would you suggest?

use rfc-1918 addresses on the segment between the router and the firewall.
keep all your 32 ip addresses for your hosts.

default route on the inside points to the firewall.
default route on the firewall points to the router.
specific route for your 32 hosts points thru the internal interface of the firewall.
default route on the router points to the net.
router has a specific route for your 32 hosts (hopefully consecutive on a 5 bit boundary) pointing to the firewall.

as an aside, this makes the internal interface of the router and the external interface of the firewall unaddressable from the internet. that's a good thing!

if you must telnet to the firewall for configuration (better to use the console or a serial line from your host), configure the firewall to accept telnet only from the OUTSIDE ethernet AND have the router block rfc-1918 addresses both inbound and outbound ;)

jmb
-- 
Jonathan M. Bresler  FreeBSD Postmaster  jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included.  http://www.freebsd.org/
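The routing plan jmb lays out (RFC 1918 transit link, default routes chained inside -> firewall -> router, a specific route for the 32-host block on the router and the firewall, and an RFC 1918 filter on the router) can be checked end to end with a small route-table model. The following is an added example, not code from the original thread or from FreeBSD; the addresses are constructed stand-ins, since the post names none: the site's 32-address block is assumed to be 192.0.2.0/27 (documentation range), and the router-firewall segment is assumed to be 10.0.0.0/30. Device names and interface labels are likewise hypothetical. It also generalizes the "5 bit boundary" remark into a check for any power-of-two block size.

```python
import ipaddress

# Constructed sample addressing (the post gives no real addresses).
SITE_BLOCK = ipaddress.ip_network("192.0.2.0/27")       # the 32-address allocation
TRANSIT = ipaddress.ip_network("10.0.0.0/30")           # RFC 1918 router<->firewall link
ROUTER_TRANSIT_IP = ipaddress.ip_address("10.0.0.1")    # router's inside interface
FIREWALL_TRANSIT_IP = ipaddress.ip_address("10.0.0.2")  # firewall's outside interface
FIREWALL_INSIDE_IP = ipaddress.ip_address("192.0.2.1")  # firewall's inside interface
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def aligned_block(first_address, count=32):
    """True when `count` consecutive addresses starting at first_address form one
    routable prefix: count is a power of two and the first address sits on a
    count boundary (the post's "5 bit boundary" for 32 hosts)."""
    first = int(ipaddress.ip_address(first_address))
    return count > 0 and (count & (count - 1)) == 0 and first % count == 0


def build_tables():
    """Per-device routing tables as (prefix, next hop) lists, following the post.
    Connected networks are listed so the longest-prefix match resolves them first."""
    return {
        "inside-host": [(SITE_BLOCK, "inside-ethernet"),
                        (DEFAULT, FIREWALL_INSIDE_IP)],          # default -> firewall
        "firewall": [(SITE_BLOCK, "inside-ethernet"),           # specific route, inside if
                     (TRANSIT, "outside-ethernet"),
                     (DEFAULT, ROUTER_TRANSIT_IP)],             # default -> router
        "router": [(SITE_BLOCK, FIREWALL_TRANSIT_IP),           # specific route -> firewall
                   (TRANSIT, "transit-ethernet"),
                   (DEFAULT, "internet")],                      # default -> the net
    }


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def router_filter_permits(src, dst):
    """The post's closing suggestion: the router blocks RFC 1918 addresses both
    inbound and outbound, so the transit /30 is unreachable from the Internet."""
    return not any(ipaddress.ip_address(a) in n for a in (src, dst) for n in RFC1918)


def path_from_internet(src, dst):
    """Trace a packet arriving from the Internet: the devices it crosses and the
    segment it is delivered to, or the point where it is dropped."""
    tables = build_tables()
    if not router_filter_permits(src, dst):
        return ["router", "dropped-by-rfc1918-filter"]
    hop = lookup(tables["router"], dst)
    if hop != FIREWALL_TRANSIT_IP:
        return ["router", hop]            # not our block: back out to the Internet
    return ["router", "firewall", lookup(tables["firewall"], dst)]


def path_from_inside(src, dst):
    """Trace a packet sent by an inside host."""
    tables = build_tables()
    hop = lookup(tables["inside-host"], dst)
    if hop != FIREWALL_INSIDE_IP:
        return ["inside-host", hop]       # local delivery on the inside ethernet
    hop = lookup(tables["firewall"], dst)
    if hop != ROUTER_TRANSIT_IP:
        return ["inside-host", "firewall", hop]
    if not router_filter_permits(src, dst):
        return ["inside-host", "firewall", "router", "dropped-by-rfc1918-filter"]
    return ["inside-host", "firewall", "router", lookup(tables["router"], dst)]


if __name__ == "__main__":
    print("block aligned:", aligned_block("192.0.2.0"))
    print("inbound to host:", path_from_internet("198.51.100.7", "192.0.2.20"))
    print("inbound to firewall outside if:", path_from_internet("198.51.100.7", "10.0.0.2"))
    print("outbound from host:", path_from_inside("192.0.2.20", "198.51.100.7"))
```

The two traces of interest are an Internet host reaching an inside host (router, firewall, inside ethernet) and an Internet host addressing the firewall's outside interface, which the router's RFC 1918 filter drops before any route lookup happens; that is the "unaddressable from the internet" property the post describes, and the check is cheap to keep in a test when the real router and firewall configs change.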