Paulo Henrique Baptista de Oliveira wrote:
> Hi Debian users,
> I have a lab with about 10 machines and 1/4 of a IP C class to use.
> I want to do a firewall for my lab.
> Today I have the following structure:
> .65 .99
> ---------- ------------ ---------
> | router | ---- | Firewall | ---- | hub 1 |
> ---------- | ------------ | ---------
> | |
> | ------------
> | | hub 2 |
> | ---------
> 64/97 | hub 3 |
> Our netmask is 255.255.255.192. May I change it to 255.255.255.224?
I'm not quite sure if I understand. You want to split the /22 network
into two /21 networks, one for the DMZ (demiliterized zone, router -
firewall) and one /21 network for the secured zone. In that case you
will have to set up two 255.255.255.224 networks.
> What will be the routes?
The router and the firewall know that /21-0 (first splitted network)
is hooked at eth0 and that /21-1 is routed to the firewall, who knows
that /21-1 is eth1 for it. The clients at hub1 and hub2 will need
to have the proper netmask (.224) and the firewall's address
as default gateway.
> How to do to login into the firewall, or better, how to uplink the
> two hubs?
I'm sorry, but I don't understand. Hooking two hubs to one box may
be done in three ways:
1st use the uplink port for the hub and stack them (i.e. fw-hub1-hub2)
2nd use two network cards at the firewall and divide the network
3rd use a switch/hub between the firewall and the client hubs.
> What I want is to make a firewall for my lab and still access the
> other IP range.
Err, sure, a firewall is also a router, it just doesn't route everything
but only the parts you have configured.
Never trust an operating system you don't have source for!
Please always Cc to me when replying to me on the lists.
- From: Paulo Henrique Baptista de Oliveira <email@example.com>