Re: Transparency in the firewall

To: "Jason D. Michaelson" <mich0101@tc.umn.edu>
Cc: debian-firewall@lists.debian.org
Subject: Re: Transparency in the firewall
From: ^chewie <chewie@nerp.net>
Date: Thu, 8 Jul 1999 08:57:18 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.10.9907080853200.31464-100000@chef.nerp.net>
In-reply-to: <[🔎] 000401bec8eb$5dd36f40$285018ac@ares.michaelson.cx>

On Wed, 7 Jul 1999, Jason D. Michaelson wrote:

> My DSL connection is getting hooked up in two weeks. My goal is to
> place my old 486 with a pair of NE2000's between me and the rest
> of the world. Has anyone implemented IP filtering without
> assigning the external interface an IP address? Eventually, I'd
> like to get a set of 8 static IP's from USWest, and NAT them to an
> internal network number so I can assign printers and such IPs on
> my internal subnet. However, I don't want to squander IP's on both
> interfaces if I can avoid it. Presumably, if this is unavoidable,
> I'd want to use bridging on my "firewall"?

Don't quote me, but I don't think so.  Even our ISDN router needs an
IP address in order to route traffice to our remaining addresses.  Our
network address is xxx.xxx.xxx.192.  Our router is xxx.xxx.xxx.193.
And, of course, our route to the ISDN route on the firewall is "route
add default gw xxx.xxx.xxx.193 dev <external iface>".  Yes, the
interface has an external IP as well.  All in all, we loose 2
addresses just for routing and firewalling.  Small price to pay, if
you ask me.

^chewie

http://nerp.net/~chewie  <<--- Check it out!  I'm selling my truck!

Reply to:

References:
- Transparency in the firewall
  - From: "Jason D. Michaelson" <mich0101@tc.umn.edu>

Prev by Date: Transparency in the firewall
Next by Date: Re: Transparency in the firewall
Previous by thread: Transparency in the firewall
Next by thread: Re: Transparency in the firewall
Index(es):
- Date
- Thread