You can do the scenario below with PAINFUL subnetting techniques on the
firewall (with minor changes). SORRY, .3 won't work for a 2 node
addressable space without interfering with the wire and broadcast
addresses.
External subnet:
Router ip is a.b.c.1 mask 255.255.255.252
Firewall ip is a.b.c.2 mask 255.255.255.252
(wire address = .0, and bcast addr = .3)
Internal Subnet(s):
Int. Firewall ip is a.b.c.5 mask 255.255.255.252
Int subnets: a.b.c.8 mask 255.255.255.248
             a.b.c.16 mask 255.255.255.240
             a.b.c.32 mask 255.255.255.224
             a.b.c.64 mask 255.255.255.192
             a.b.c.128 mask 255.255.255.128
HOWEVER......, I would not address my internal clients with publicly
registered addresses. It would be better to, say.... subnet the Class C
down further and use the "registered" class C for the segment between
the external interface of the firewall and the router. You could
possibly use the other subnet(s)--"registered"--as a secured publicly
accessible third leg on the firewall, of private ip, blah, blah. Then
use Private IP addressing (RFC 1918) for the internal network and NAT on
the external interface of the firewall. Most commercial firewalls will
support NAT. i.e.:
Internet ------- Router -------- Firewall ----- Internal
                                    |
                                    |
                          WWW servers, blah, blah...
where:
Router ip is a.b.c.1 mask 255.255.255.0 - or subnetted C
Firewall ip is a.b.c.2 mask 255.255.255.0 - or subnetted C
Third Secure Leg can use registered or Private IP Addressing (Private
Suggested).
Internal ip will use Private IP Addressing and be translated at the
firewall.
Good Luck,
David Markle
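
Added example (not part of the original message): a Python check of the subnet plan listed in the reply above, using the standard `ipaddress` module. It confirms the seven subnets do not overlap, exactly fill the class C, and that .3 is the broadcast address of the router/firewall /30. The 192.0.2.0/24 documentation range is an assumed stand-in for a.b.c.0, and the function names are illustrative.

```python
import ipaddress

# Constructed stand-in for the message's a.b.c.0 class C (RFC 5737 documentation range).
BASE = ipaddress.ip_network("192.0.2.0/24")

# (last octet of the wire address, mask) as listed in the message.
PLAN = [
    (0, "255.255.255.252"),    # external: router .1, firewall .2
    (4, "255.255.255.252"),    # internal firewall interface .5
    (8, "255.255.255.248"),
    (16, "255.255.255.240"),
    (32, "255.255.255.224"),
    (64, "255.255.255.192"),
    (128, "255.255.255.128"),
]

def build(base, plan):
    """Build networks; ip_network raises ValueError if a wire address is misaligned."""
    return [ipaddress.ip_network(f"{base.network_address + off}/{mask}") for off, mask in plan]

def audit(base, nets):
    """Return (overlapping pairs, True if the subnets exactly tile base)."""
    overlaps = [(str(a), str(b)) for i, a in enumerate(nets)
                for b in nets[i + 1:] if a.overlaps(b)]
    tiles = not overlaps and list(ipaddress.collapse_addresses(nets)) == [base]
    return overlaps, tiles

def classify(addr, nets):
    """Return (subnet, role) where role is 'wire', 'broadcast' or 'host'."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip in net:
            if ip == net.network_address:
                return str(net), "wire"
            if ip == net.broadcast_address:
                return str(net), "broadcast"
            return str(net), "host"
    return None, "unallocated"

def usable_hosts(nets):
    """Assignable addresses per subnet (total minus wire and broadcast)."""
    return [net.num_addresses - 2 for net in nets]

if __name__ == "__main__":
    nets = build(BASE, PLAN)
    print(audit(BASE, nets))
    for net, n in zip(nets, usable_hosts(nets)):
        print(f"{str(net):18} mask {net.netmask}  usable hosts: {n}")
    print(classify("192.0.2.3", nets))   # the .3 the original poster wanted to start from
```
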
-----Original Message-----
From: firewalls-owner(a)lists.gnac.net
Sent: Thursday, May 20, 1999 9:53 PM
To: firewalls(a)lists.gnac.net
Cc: ask(u)(a)hotmail.com
Subject:
Hi,
Does anyone know what firewall product can do this:
Internet ------- Router -------- Firewall ----- Internal
where
Router ip is a.b.c.1
Firewall ip is a.b.c.2
Internal ip is a class C registered IP address a.b.c.3 -- a.b.c.254
The normal firewall product is required to have one registered IP and
the internal LAN is in private IP addresses. And all internet services
go through the proxy Firewall.
What I am looking for is a Firewall that is able to protect the
internal LAN where the internal ip is a range of registered internet IP
addresses instead of the private IP (192.168.x.x). The Firewall only
opens up the allowed services to go out, like http, ftp, etc...
The Firewall can be software or hardware solution.
Thanks.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]