
RE: Firewallsetup



CC-ed back to debian-user.

On Fri, 10 Jul 1998 johannes.tyve@phosworks.se wrote:

i know this is urgent for you, sorry to take so long to reply...have
been busy. 

btw, you would have been better off cc-ing your question to debian-user. 
i'd still get a copy and you might have got a quicker answer from someone
else....I'm not the only person who can help you, there are lots of
knowledgeable and helpful people on the mailing list....also, many people
read debian-user to learn from watching the questions and answers, so it's
better to have answers posted there.


> We share the cisco router and the c-net with another company. I can't
> put all of the 192.12.120.0/24 net inside the fw (but I can subnet the
> c-net).
> 
> I want something like this:
> 
> inet <--> cisco (192.12.120.254???)
>             |
>            hub----other company (192.12.120.0/25)
>             |
>             |eth0
>            fw
>             |eth1
>             |
>          our network (192.12.120.128/25)
> 
> Is this possible without changing anything in the cisco? What netmasks
> should I use on the fw? Please help, I'm getting more and more confused
> the more I read about this.

yes, this is possible, but you will have to make a few small changes to
the cisco. you'll have to change the netmask on its ethernet interface
to a /25, and you'll have to route the second /25 via the firewall's eth0
interface.

also, you'd be better off assigning 192.12.120.128/25 to the other
company, and 192.12.120.0/25 to your company. this is because the cisco
is .254, thus is in the .128/25 subnet.

i'd suggest:

external (unfirewalled) net:
          network:  192.12.120.128
          netmask:  255.255.255.128
        broadcast:  192.12.120.255

            cisco:  192.12.120.254
    firewall eth0:  192.12.120.253
      other hosts:  192.12.120.129 - 192.12.120.252


internal (firewalled) net:
          network:  192.12.120.0
          netmask:  255.255.255.128
        broadcast:  192.12.120.127

    firewall eth1:  192.12.120.1
      other hosts:  192.12.120.2 - 192.12.120.126


i note that you ask "What netmasks should I use on the fw?".  That's not
exactly the right question....the netmask you use must be used on all
hosts on the network. this will mean reconfiguring every host, router,
ethernet printer, and hub (if your hubs have ip addresses for snmp
monitoring).  

if you don't change the netmask on all the hosts/devices then they will
have no way of knowing that the net is subnetted. they will expect to
find the full 192.12.120.0/24 on the local ethernet, so they won't route
packets to hosts in the other subnet via the cisco, they'll just try to
send it directly - which won't work.



btw, here's a useful reference for you:

	http://ipprimer.2ndlevel.net/

it's a good summary/intro to IP networks.



and another:

	http://www.internetnorth.com.au/keith/networking/subnet1.html

a set of tables which can be very useful for subnetting.



you can find more by going to altavista or somewhere and searching for
"CIDR and subnet".


craig

--
craig sanders

