
Re: public dmz addresses; small subnet



Quoting Jeremy T. Bouse on Wed, Aug 01, 2001 at 09:14:11AM -0700:
> 	Well I was part of that earlier discussion in May when I FINALLY
> got PacHell to actually get my line operational... I've also got the Enhanced
> DSL package with the /29 subnet... I still don't have my network topography
> like I want it because of the fact that the one IP from the /29 is on their
> side which is used for the default gateway on our side... Really just wish
> they'd setup a /30 P-t-P addressing schema over the DSL and then allow you
> the full use of the /29 for your side giving you 6 IPs instead of 5 as that
> would make the situation a whole lot easier... 
> 
> 	I've been thinking about using a Bridging-firewall technique but 
> have been short on finding good documentation on it... If anyone else has
> found some good sources of info on this I'd be very appreciative to receive
> a link to the data... Also if there is any interest by people in the 
> South Bay area to possibly get together and try brainstorming this I have
> a 4'x8' whiteboard on the wall at my "office" (read: spare bedroom) and
> try to keep the dry bar stock'd as best as possible...
> 
> 	Respectfully,
> 	Jeremy T. Bouse
> 
Hi-

I live in Fremont/Union City, so I would be interested.  I also own a
copy of the OpenBSD/Linux Firewall book which explains a bit about
something called a "Three Legged DMZ" and the diagram is not far from
what we have drawn actually.  In their example, internet traffic comes
in on one interface (eth0), eth1 is under a firewall and is hubbed for
192.168.0.x connections.  eth2 is separate and has a hub under the
firewall as well.  My current situation is I am getting the IP addresses
sometime today as I showed in my original email and am prowling around
here and there trying to find some answers.  It seems that in the
OpenBSD/Linux firewalling book, there is some discussion of using a
three-legged approach.

Anybody that could help out either on a whiteboard or with personal
experience would be great!  I am spending additional $$ on the IPs and
want to stay with Debian.  It seems that OpenBSD also can handle this
and I have had some limited experience in using OpenBSD as a
firewall/router.

The three-legged setup looks like this:

        internet
           |
        --------------
        eth0 198.x.x.x|
                      |-eth1--->hub--------198.x.x.x
        --------------                     (different netmask, default route)
           |
           hub
           |
    eth2 192.168.x.x

I guess I could be a better diagrammer; but this looks a lot like what
people are trying to do?

--
Michael Perry | "Do or do not; there is no try" Master Yoda
mperry@lnxpowered.org | http://lnxpowered.org (soon to come)
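
The three-legged layout in the diagram above, written out as a default-deny forwarding policy. This is an added example, not part of the original post or of the book it mentions. The interface roles follow the diagram (eth0 internet, eth1 public DMZ, eth2 private LAN); every address, the single DMZ web host, and the assumption that the DMZ prefix is routed to the firewall are constructed for illustration.

```shell
#!/bin/sh
# Three-legged firewall policy, emitted in iptables-restore format.
# Interface roles follow the diagram; all addresses are constructed placeholders.
WAN_IF=eth0                # leg 1: internet
DMZ_IF=eth1                # leg 2: DMZ hub, public addresses
LAN_IF=eth2                # leg 3: internal hub, 192.168.x.x
DMZ_NET=198.51.100.8/29    # constructed (documentation range)
LAN_NET=192.168.1.0/24     # constructed
DMZ_WEB=198.51.100.10      # constructed DMZ host offering HTTP

three_leg_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Administer the firewall from the LAN leg only
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
# Replies to flows that an earlier rule allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# internet -> DMZ: only the published service
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_WEB -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# LAN -> internet and LAN -> DMZ: may initiate
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -m conntrack --ctstate NEW -j ACCEPT
# DMZ -> internet: DNS lookups only; DMZ -> LAN is never opened, just logged
-A FORWARD -i $DMZ_IF -o $WAN_IF -s $DMZ_NET -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix "DMZ->LAN drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Private LAN addresses are hidden behind the firewall's eth0 address
-A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
COMMIT
EOF
}

# Self-check: count ACCEPT rules that forward toward the LAN leg (should be 0).
new_flows_into_lan() {
    three_leg_rules | grep -c -e "-o $LAN_IF .*-j ACCEPT" || true
}

if [ "${1:-}" = "--print" ]; then three_leg_rules; fi
```

Run with `--print` and pipe the output to `iptables-restore --test` as root to have the ruleset parsed without committing it.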


