Re: OT: Advice on network setup
On Fri, Jan 31, 2003 at 10:13:29AM +1100, Lucas Barbuto wrote:
> - On the firewall, do I set it's external IP to 203.35.176.224
> (the network address)? Or do I have to give it one of the
> usable addresses?
You cant use the network address, you should use a useable address, .226 for
example.
> - On the firewall, what will I set the internal IP to? It
> doesn't matter right?
well, if you are going to use only assigned addresses, i would suggest you
use the same as the external, because this safes address space. .226
> - I set the firewall's gateway to 203.35.176.225?
it depends, if your ISP has a router on that address, then yes, you need to
set a host route to .225 via the external interface.
fw> route add -host .226 dev eth0
fw> route add -net .224 netmask 255.255.255.240 dev eth1
fw> route add default gw .226
> - On the co located hosts, I set the gateway to the internal IP
> I assigned to my firewall, correct?
yes, and set the network
hostX> route add -host .225 gw .226 # this is optional
hostX> route add -net .224 netmask 255.255.255.240 dev eth0
hostX> route add default gw .226
> - I've only every setup a firewall gateway using SNAT and DNAT
> for an office LAN with only one real IP, in this case, I don't
> need it, do I?
You can do that, too. This way you can have much more internal hosts, even
some which are not reachable at all (i.e. database)
> - Is there any other advice anyone can give me on this setup?
> I'm mostly concerned about how to assign IPs and route
> traffic. Especially the external and internal IP for the
> router.
You can also use proxy arp or run the firewall in bridge mode.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: