So you're telling me it's accepted practice to configure a router like so... Ethernet 0/1 ip address 10.10.10.10 255.255.255.0 Ethernet 1/1 ip address 10.10.10.20 255.255.255.0 Or am I misunderstanding you? That's quite possible. Yes, you can have secondary interfaces (multiple gateway addresses into a port) Ethernet 0/1 ip address 10.10.10.10 255.255.255.0 ip address 10.20.10.10 255.255.255.0 secondary But routing works based upon major network (or subnet) boundaries. If you have a packet coming in bound for 10.10.10.20 with the above mentioned config, you have a problem on your hands...DP > -----Original Message----- > From: Ryan Russell [SMTP:[EMAIL PROTECTED]] > Sent: Friday, February 19, 1999 3:05 PM > To: Pavlichek, Doris (GEIS, GE Capital Consulting) > Cc: Chris Chen; [EMAIL PROTECTED] > Subject: RE: do I HAVE TO put my DMZ net and Internet in seperate net > segments > > Since the first time routers were connected together via Ethernet... > > What's the problem with having multiple gateways and/or > multiple address spaces on the same broadcast or collision domains? > > Ryan > > > > > > To: Ryan Russell/SYBASE, Chris Chen <[EMAIL PROTECTED]> > cc: [EMAIL PROTECTED] > Subject: RE: do I HAVE TO put my DMZ net and Internet in seperate net > segm > ents > > > > > Since when do you operate multiple gateways with a single collision > domain? > Do you want *total* route confusion?? > DP > > > -----Original Message----- > > From: Ryan Russell [SMTP:[EMAIL PROTECTED]] > > Sent: Friday, February 19, 1999 1:27 PM > > To: Chris Chen > > Cc: [EMAIL PROTECTED] > > Subject: Re: do I HAVE TO put my DMZ net and Internet in seperate > net > > segments > > > > > > You don't say what kind of firewall you have, but > > in general, no you don't have to have them on > > separate broadcast domains. You do open > > another possible avenue of attack for your > > DMZ machines, though. > > > > If address space is the concern, in similar situations > > I've done address translation or reverse proxy to > > get the requests onto my DMZ net from the "outside" address > > space. > > > > Ryan > > > > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
RE: do I HAVE TO put my DMZ net and Internet in seperate net segments
Pavlichek, Doris (GEIS, GE Capital Consulting) Fri, 19 Feb 1999 16:05:17 -0500
- do I HAVE TO put my DMZ net... Chris Chen
- Re: do I HAVE TO put m... Ryan Russell
- RE: do I HAVE TO put m... Pavlichek, Doris (GEIS, GE Capital Consulting)
- RE: do I HAVE TO put m... Ryan Russell
- RE: do I HAVE TO put m... Pavlichek, Doris (GEIS, GE Capital Consulting)
- RE: do I HAVE TO put m... Ryan Russell
