
Re: OT: Advice on network setup



On Fri, Jan 31, 2003 at 10:13:29AM +1100, Lucas Barbuto wrote:
>         - On the firewall, do I set its external IP to 203.35.176.224
>         (the network address)?  Or do I have to give it one of the
>         usable addresses?

You can't use the network address; you should use a usable address, .226 for
example.

>         - On the firewall, what will I set the internal IP to?  It
>           doesn't matter right?

Well, if you are going to use only assigned addresses, I would suggest you
use the same as the external, because this saves address space: .226

>         - I set the firewall's gateway to 203.35.176.225?

It depends: if your ISP has a router on that address, then yes, you need to
set a host route to .225 via the external interface.

fw> route add -host .225 dev eth0
fw> route add -net .224 netmask 255.255.255.240 dev eth1
fw> route add default gw .225

>         - On the co located hosts, I set the gateway to the internal IP
>           I assigned to my firewall, correct?

Yes, and set the network:

hostX> route add -host .225 gw .226  # this is optional
hostX> route add -net .224 netmask 255.255.255.240 dev eth0
hostX> route add default gw .226

>         - I've only ever set up a firewall gateway using SNAT and DNAT
>           for an office LAN with only one real IP, in this case, I don't
>           need it, do I?

You can do that, too. This way you can have many more internal hosts, even
some which are not reachable at all (i.e. database).

>         - Is there any other advice anyone can give me on this setup?
>           I'm mostly concerned about how to assign IPs and route
>           traffic.  Especially the external and internal IP for the
>           router.

You can also use proxy arp or run the firewall in bridge mode.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
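
Added example, not part of the reply above: a small Python check of an address plan for the block discussed in this thread (203.35.176.224, netmask 255.255.255.240, i.e. /28). It flags the network and broadcast addresses, out-of-block addresses and duplicates; the role names and the two co-located host addresses are constructed for illustration.

```python
import ipaddress

BLOCK = "203.35.176.224/28"   # netmask 255.255.255.240, from the thread

def usable_range(cidr):
    """Return (first usable, last usable, count) for an assigned block."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1]), len(hosts)

def check_plan(cidr, assignments):
    """Return a list of problems in a {role: address} plan for the block."""
    net = ipaddress.ip_network(cidr)
    problems, seen = [], {}
    for role, addr in assignments.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{role}: {ip} is outside {net}")
        elif ip == net.network_address:
            problems.append(f"{role}: {ip} is the network address")
        elif ip == net.broadcast_address:
            problems.append(f"{role}: {ip} is the broadcast address")
        if ip in seen:
            problems.append(f"{role}: {ip} already used by {seen[ip]}")
        else:
            seen[ip] = role
    return problems

# Plan as first asked about: firewall on the network address.
ASKED = {"isp-router": "203.35.176.225", "firewall": "203.35.176.224"}

# Plan as suggested in the reply: firewall on .226 (the same address on
# both interfaces), ISP router on .225. "web" and "db" are constructed.
SUGGESTED = {
    "isp-router": "203.35.176.225",
    "firewall": "203.35.176.226",
    "web": "203.35.176.227",
    "db": "203.35.176.228",
}

if __name__ == "__main__":
    print("usable:", usable_range(BLOCK))
    for name, plan in (("asked", ASKED), ("suggested", SUGGESTED)):
        print(name, "->", check_plan(BLOCK, plan) or "ok")
```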


