Re: Again, Firewall Public IP's?
On Fri, 12 Apr 2002 12:34:58 +0200
"Stephan Balmer" <stephan@sense.asit.ch> wrote:
> ...
> > > Another way would be to turn the firewall into a router and use
> > > private IPs for the network between Firewall and router. So
> interface
> > > 1 of the firewall gets 10.0.0.1 and the routers interface
> > > 10.0.0.2. This is not prefered since I don't like messing with
> > > that router.
> >
> > That's the setup I use, and it works like a charm (with proper
> iptables
> > configuration). But perhaps you don't have to resort to private
> > addresses, don't you have a couple left from the class C pool?
> Hm, I sure have two free addresses, but then I would have to subnet
> our Class C net, which is not what I want...
> Or did I misunderstand? I thought to get the router-firewall and the
> router to route my packets, the connection between them has to be in
> another subnet than mine. Because for a router there's nothing to
> route if his interfaces are connected to the same IP-subnet.
Sorry, my bad. I have a private internal network 192.168.0.x/24 and
another private network 192.168.4.x/24 between the firewall and the
router. So it seems your 2nd option would be the way I'd go.
But my job was eased by the fact that I only had to tell my router to
change it's interface 0 IP address, it handled its internal
configuration automatically. I didn't touch anything else on the router.
Perhaps you have no such luck?
--
Carlos Sousa
PS. no need to reply to me, I'm subscribed.
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: