[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: splitting a subnet in an odd way

Leonardo,
  I may not exactly understand what you are trying to do but if the only
thing you are trying to accomplish is firewalling the machines
differently, couldn't you just:

  1) assign them different gateways. The "open" machines would use the
"real" gateway. The other two groups would use the trusted side of the
two firewalls as gateways. The firewalls would use your "real" gateway
to forward the packets to/from the world.

    The "two" firewalls could be one Linux box with a couple interfaces
and appropriate firewall rules.



  2) just write the firewall rules to do what you want. Why not just
write your firewall rules to do what you want? Pass IPs x to y without
filtering, etc., etc. This seems most straight forward.

Pete
-- 
http://www.elbnet.com
ELB Internet Service, Inc.
Web Design, Computer Consulting, Internet Hosting


> > On Wednesday 24 September 2003 10:47, Leonardo Boselli wrote:
> >
> > > I have a /24 subnet.
> > > .1 is the gateway and almost all IP from 2 to 254 are occupied.
> > > I would like to split the host in three groups:
> > > 12 that can have full access, 12 thought one firewall and the other 205
> > > throught a second firewall.
> > > I cannot chanmge the number of some machines, so the only option is
> > > that the first 12 and the two firewalls are .2 to .14
> > > the second group is .18 to .29 and the third vould keep is present
> > > numbers between .36 and .254.
Reply to: