Re: Firewall
Paulo Henrique Baptista de Oliveira wrote:
> Hi Debian users,
> I have a lab with about 10 machines and 1/4 of an IP C class to use.
> I want to do a firewall for my lab.
> Today I have the following structure:
>
>    .65              .99
> ----------      ------------      ---------
> | router | ---- | Firewall | ---- | hub 1 |
> ----------  |   ------------  |   ---------
>             |                 |
>             |           ------------
>             |           |  hub 2   |
>             |           ---------
>             |
>         ---------
>  64/97  | hub 3 |
>         ---------
>
> Our netmask is 255.255.255.192. May I change it to 255.255.255.224?
I'm not quite sure if I understand. You want to split the /22 network
into two /21 networks, one for the DMZ (demilitarized zone, router -
firewall) and one /21 network for the secured zone. In that case you
will have to set up two 255.255.255.224 networks.
> What will be the routes?
The router and the firewall know that /21-0 (first split network)
is hooked at eth0 and that /21-1 is routed to the firewall, who knows
that /21-1 is eth1 for it. The clients at hub1 and hub2 will need
to have the proper netmask (.224) and the firewall's address
as default gateway.
> How to do to login into the firewall, or better, how to uplink the
> two hubs?
I'm sorry, but I don't understand. Hooking two hubs to one box may
be done in three ways:
1st use the uplink port for the hub and stack them (i.e. fw-hub1-hub2)
2nd use two network cards at the firewall and divide the network
properly
3rd use a switch/hub between the firewall and the client hubs.
> What I want is to make a firewall for my lab and still access the
> other IP range.
Err, sure, a firewall is also a router, it just doesn't route everything
but only the parts you have configured.
Regards,
Joey
--
Never trust an operating system you don't have source for!
Please always Cc to me when replying to me on the lists.
- References:
- Firewall
- From: Paulo Henrique Baptista de Oliveira <baptista@linuxsolutions.com.br>
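The split and the routes discussed in this thread, worked through as an added example that is not part of the original messages. The 192.0.2.x prefix and the firewall's outer address .66 are assumptions; .65, .99 and the two netmasks come from the thread, and Python prints 255.255.255.192 and 255.255.255.224 as /26 and /27.

```python
import ipaddress

# Assumption: 192.0.2.x (RFC 5737 documentation range) stands in for the
# lab's real prefix, which the thread does not give.
LAB = ipaddress.ip_network("192.0.2.64/255.255.255.192")


def split_lab(lab=LAB):
    """Return (outer, inner): the two 255.255.255.224 halves of the lab net."""
    outer, inner = lab.subnets(prefixlen_diff=1)
    return outer, inner


def routes(router, fw_eth0, fw_eth1, lab=LAB):
    """Routing tables for router, firewall and clients, as (dest, how) pairs."""
    outer, inner = split_lab(lab)
    placement = {router: outer, fw_eth0: outer, fw_eth1: inner}
    for addr, net in placement.items():
        ip = ipaddress.ip_address(addr)
        # An interface must sit in the half it is wired to, and must not be
        # that half's network or broadcast address.
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{addr} is not a usable host address in {net}")
    return {
        "router": [(str(outer), "dev eth0"), (str(inner), f"via {fw_eth0}")],
        "firewall": [(str(outer), "dev eth0"), (str(inner), "dev eth1"),
                     ("default", f"via {router}")],
        "client": [(str(inner), "dev eth0"), ("default", f"via {fw_eth1}")],
    }


if __name__ == "__main__":
    outer, inner = split_lab()
    print("outer:", outer, "netmask", outer.netmask)
    print("inner:", inner, "netmask", inner.netmask)
    # .65 and .99 come from the diagram; .66 for the firewall's outer
    # interface is an assumption.
    for box, table in routes("192.0.2.65", "192.0.2.66", "192.0.2.99").items():
        for dest, how in table:
            print(f"{box:9} {dest:16} {how}")
```

Any machine that keeps an address from .65 to .94 after the netmask change ends up in the outer half, so it is reached without passing through the firewall.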