Date: Wed, 15 May 1996 13:47:47 -0600
From: Nate Williams <nate@sri.MT.net>
To: "Jonathan M. Bresler" <jmb@freefall.freebsd.org>
Cc: nate@sri.MT.net (Nate Williams), questions@FreeBSD.ORG
Subject: Re: Networking / Routing question
Message-ID: <199605151947.NAA19867@rocky.sri.MT.net>
In-Reply-To: <199605151902.MAA13913@freefall.freebsd.org>
References: <199605151555.JAA19142@rocky.sri.MT.net> <199605151902.MAA13913@freefall.freebsd.org>
> > Background:
> >
> > I will have a 32 host IP subnet, where I am using about 23 IP addresses
> > right now.  I'd like to add a firewall box on one end of the link
> > connected to the router.  So, I have 2 machines on one subnet, and the rest
> > of my network on the other subnet.
> >
> >                      ethernet              ethernet
> > [ Internet ] <--> Router <--------> Firewall <--------> My machines
> >
> > Since I only have 32 IP addresses available I don't want to waste any IP
> > addresses if I can help it, especially considering I expect to use a few
> > more addresses beyond the 23 I have now.
> >
> > Since I have two ethernet segments, I must have two different subnets,
> > but I don't see any easy solution to the problem.  It would be nice if I
> > could use the ethernet segment as a point-to-point connection in this case
> > (for latency & BW ethernet is the cheapest way to go).
> >
> > What would you suggest?
>
> use rfc-1918 addresses on the segment between the router and the
> firewall.  keep all your 32 ip addresses for your hosts.
>
> default route on the inside points to the firewall.
>
> default route on firewall points to the router.
> specific route for your 32 hosts points thru the internal
> interface of the firewall.
>
> default route on the router points to the net.
> router has specific route for your 32 hosts (hopefully
> consecutive on 5 bit boundary) pointing to the firewall.
>
> as an aside this makes the internal interface for the router
> and the external interface of the firewall unaddressable
> from the internet.  that's a good thing!  if you must telnet
> to the firewall for configuration, (better to use the console
> or a serial line from your host) configure the firewall to
> accept telnet only from the OUTSIDE ethernet AND have the
> router block rfc-1918 addresses both inbound and outbound ;)

What a *great* idea!  John wins the big prize, which is dinner with me
next week. :)

Nate
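The routing plan John describes above, traced through a small model. This is an added example, not code from the original thread, and its addresses are assumed: 192.0.2.0/27 stands in for the 32-address block, 10.0.0.0/30 is the RFC 1918 link between router and firewall, and 203.0.113.7 plays an Internet host. Each box gets exactly the routes John lists (a default route plus the specific route for the /27), the router drops RFC 1918 source or destination addresses on its Internet-facing interface in both directions, and the firewall's telnet rule is tightened slightly beyond "only from the outside ethernet": it also requires a source address on the link segment, because the firewall's inside interface necessarily carries an address from the routed /27 and a packet from the Internet to that address arrives on the outside ethernet too.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (not from the original post).
PUBLIC = ip_network("192.0.2.0/27")      # the 32-address block, on the inside ethernet
LINK = ip_network("10.0.0.0/30")         # RFC 1918 segment between router and firewall
ROUTER_LINK = ip_address("10.0.0.1")     # router's internal interface
FW_OUTSIDE = ip_address("10.0.0.2")      # firewall's external interface
FW_INSIDE = ip_address("192.0.2.1")      # firewall's internal interface (in the /27)
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    return any(addr in n for n in RFC1918)


# One routing table per box: prefix -> next-hop box, longest prefix wins.
# The "internet" box pessimistically forwards anything it does not own to the
# router, so the router's own filter has to be what keeps 10/8 traffic out.
TABLES = {
    "internet": {ip_network("0.0.0.0/0"): "router"},
    "router":   {ip_network("0.0.0.0/0"): "internet", PUBLIC: "firewall", LINK: "firewall"},
    "firewall": {ip_network("0.0.0.0/0"): "router", PUBLIC: "inside", LINK: "router"},
    "inside":   {ip_network("0.0.0.0/0"): "firewall"},   # hosts on the /27 reach each other directly
}


def owns(box, addr):
    """True if addr terminates at this box (or, for 'inside', at any host on the /27)."""
    if box == "internet":
        return addr not in PUBLIC and addr not in LINK
    if box == "router":
        return addr == ROUTER_LINK
    if box == "firewall":
        return addr in (FW_OUTSIDE, FW_INSIDE)
    return addr in PUBLIC and addr != FW_INSIDE


def next_hop(box, dst):
    best = max((n for n in TABLES[box] if dst in n), key=lambda n: n.prefixlen)
    return TABLES[box][best]


def filter_hop(box, nxt, src, dst, dport):
    """Policy applied when a packet moves box -> nxt. Returns (dropping box, reason) or None."""
    # Router: no RFC 1918 source or destination crosses its Internet-facing interface.
    if {box, nxt} == {"internet", "router"} and (is_rfc1918(src) or is_rfc1918(dst)):
        return "router", "rfc1918 filter on Internet interface"
    # Firewall: telnet to itself only if it arrived on the outside ethernet from the link segment.
    if nxt == "firewall" and dport == 23 and owns("firewall", dst) and not (box == "router" and src in LINK):
        return "firewall", "telnet only from outside ethernet / link segment"
    return None


def trace(start, src, dst, dport=None):
    """Follow a packet from `start`; returns the boxes visited and how it ended."""
    src, dst = ip_address(src), ip_address(dst)
    box, path = start, [start]
    for _ in range(8):                      # bound the walk so a bad table cannot loop forever
        if owns(box, dst):
            return {"path": path, "result": "delivered"}
        nxt = next_hop(box, dst)
        hit = filter_hop(box, nxt, src, dst, dport)
        if hit:
            dropper, why = hit
            if dropper != box:
                path.append(dropper)
            return {"path": path, "result": f"dropped at {dropper}: {why}"}
        box = nxt
        path.append(box)
    return {"path": path, "result": "routing loop"}


if __name__ == "__main__":
    cases = [
        ("internet", "203.0.113.7", "192.0.2.10", None),   # Internet -> inside host
        ("inside", "192.0.2.10", "203.0.113.7", None),     # inside host -> Internet
        ("internet", "203.0.113.7", "10.0.0.2", 23),       # telnet to firewall's outside address
        ("internet", "203.0.113.7", "192.0.2.1", 23),      # telnet to firewall's inside address
        ("inside", "192.0.2.10", "10.0.0.2", 23),          # telnet from the inside LAN
        ("router", "10.0.0.1", "10.0.0.2", 23),            # telnet from the router on the link
        ("inside", "192.168.1.5", "203.0.113.7", None),    # RFC 1918 source leaking outward
    ]
    for start, src, dst, dport in cases:
        r = trace(start, src, dst, dport)
        print(f"{start:8} {src:>13} -> {dst:<12} {' > '.join(r['path']):40} {r['result']}")
```

The two "good" paths (Internet to a host in the /27 and back) work with no address spent on the link, while every attempt to reach either end of the 10.0.0.0/30 segment from the Internet dies at the router before it ever sees the firewall. The telnet cases show why the source-address condition matters in the model: without it, a telnet to 192.0.2.1 from outside would satisfy "arrived on the outside ethernet".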