Hi,
I have a little doubt about the address scheme for a class B network.
Supposing the x.x. prefix, the scenario is:
_ __ ,------------,
x.x.20.0 ---+ / \/ \/\ ______ |_______ |
x.x.30.0 ---+---|R|---| Int16 |-----| FW-1 |-----| Ext | |
x.x.40.0 ---+ \_/\__/\/ '---+--' |-------' |
__|__ \___________/
/ \
| DMZ |
\-----/
The meaning of each address is:
. x.x.16.* the internal side (net) protected by the CheckPoint FW-1: all
the other company's subnetworks are attached to a router on this subnet
. x.x.18.* the external net: where the gateways are (i.e. the external
side of the FW-1)
. at the end (but not the last :-)) the DMZ zone, a partitioned C class of
the form x.x.240.112 (16 addresses from x.x.240.113 to 126, with broadcast
via the x.x.240.127 address)
The goal is to define the traffic from the internal FW-1 interface (with an
address on the ``int16'' internal net) to the Internet, through the x.x.18.0
net; I want to understand if there is a way to completely define the allowed
traffic from the int16 subnetwork.
In particular, the addresses from the interface on the int16 net would be:
int16 (various nets) = x.x.*.* (the B class) - x.x.240.112 (the DMZ net)
All the company's networks will go out via the firewall, through the internal
router R; there is no NAT, because all addresses must be visible from the
``Internet'', and so they will not be masqueraded (all source addresses will
go through the router without any modifications). The netmask for the fw-1
internal and external interfaces is x.x.255.255. I've tried the CheckPoint
``negated'' definitions, but they aren't useful.
Thanks in advance,
gino
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
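As an added example (not part of the original post or of CheckPoint's tooling): the "whole class B minus the DMZ /28" source set the poster wants can be expanded into an explicit list of CIDR blocks, which is the usual fallback when a rule base has no usable negation. The 10.0. prefix below is a constructed stand-in for the post's x.x. prefix; the DMZ block x.x.240.112 with 16 addresses is taken from the post as a /28.

```python
import ipaddress

# Constructed placeholder for the post's "x.x." class B (assumption: 10.0.).
INTERNAL_B = ipaddress.ip_network("10.0.0.0/16")
# DMZ from the post: x.x.240.112, 16 addresses, broadcast .127 -> a /28.
DMZ = ipaddress.ip_network("10.0.240.112/28")


def allowed_internal_prefixes(whole=INTERNAL_B, carve_out=DMZ):
    """Return the sorted CIDR blocks that cover `whole` minus `carve_out`.

    address_exclude splits `whole` once per prefix bit of the carve-out, so a
    /28 inside a /16 becomes 12 disjoint blocks (/17 down to /28). These are
    the objects to put in a rule that must match every internal source except
    the DMZ, without relying on a negated object.
    """
    return sorted(whole.address_exclude(carve_out))


def is_allowed_source(addr, prefixes=None):
    """True if `addr` sits in one of the allowed blocks (so never in the DMZ)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in (prefixes or allowed_internal_prefixes()))


def covers_exactly(prefixes, whole=INTERNAL_B, carve_out=DMZ):
    """Sanity check before deploying: blocks are disjoint, lie inside `whole`,
    avoid the carve-out, and together account for every remaining address."""
    disjoint = all(not a.overlaps(b)
                   for i, a in enumerate(prefixes) for b in prefixes[i + 1:])
    inside = all(net.subnet_of(whole) and not net.overlaps(carve_out)
                 for net in prefixes)
    total = sum(net.num_addresses for net in prefixes)
    return disjoint and inside and total == whole.num_addresses - carve_out.num_addresses


if __name__ == "__main__":
    blocks = allowed_internal_prefixes()
    for net in blocks:
        print(net)
    print("exact cover:", covers_exactly(blocks))
```

Feeding the printed blocks into a single rule (or one network group) gives a source definition that is checkable by hand, unlike an implicit "everything except" object.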