[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Again, Firewall Public IP's?

On Fri, 12 Apr 2002 12:34:58 +0200
"Stephan Balmer" <stephan@sense.asit.ch> wrote:
> ...
> > > Another way would be to turn the firewall into a router and use
> > > private IPs for the network between Firewall and router. So 
> interface
> > > 1 of the firewall gets and the routers interface
> > > This is not prefered since I don't like messing with
> > > that router.
> > 
> > That's the setup I use, and it works like a charm (with proper 
> iptables
> > configuration). But perhaps you don't have to resort to private
> > addresses, don't you have a couple left from the class C pool?
> Hm, I sure have two free addresses, but then I would have to subnet
> our Class C net, which is not what I want...
> Or did I misunderstand? I thought to get the router-firewall and the 
> router to route my packets, the connection between them has to be in 
> another subnet than mine. Because for a router there's nothing to
> route if his interfaces are connected to the same IP-subnet.

Sorry, my bad. I have a private internal network 192.168.0.x/24 and
another private network 192.168.4.x/24 between the firewall and the
router. So it seems your 2nd option would be the way I'd go.

But my job was eased by the fact that I only had to tell my router to
change it's interface 0 IP address, it handled its internal
configuration automatically. I didn't touch anything else on the router.
Perhaps you have no such luck?

Carlos Sousa

PS. no need to reply to me, I'm subscribed.

To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: