RE: Problem about Firewall!!

Mike Glassman - Admin Tue, 27 Jun 2000 02:12:16 -0700
Genu,

Even if you give the WS's dynamic addresses via DHCP, all your DHCP IP
addresses are part of a class, or a pool that you know, this is possible.

For eg. If you give the WS's a 10.10.1.0 to 10.10.1.255, then your network
is 10.10.1.0 with a mask of 255.255.255.0.

You can create a network object with that data, and make a rule allowing it
to go out, and give the network object a NAT external address which will
then allow all the users who have IP addresses that are a part of that
network, to go out via that address.

If you have a few such networks, you can define a few such rules, or one
rule with all...etc.

As to how do you get the WS's to know the IP of the server, that is
something you'd do on your routers. Set the routers to static NAT all IP
addresses with the next hop as the FW internal IP address (internal to your
LAN). Set the DHCP server to make the router the default gateway of the
WS's, and then when a WS asks for an address which is not a part of your
internal network, the request will be forwarded by the routers to the FW and
out.

You will need to set your routers up so that they know which networks are
internal, so it doesn't send all the internal requests to the firewall if
they belong inside.

That's it in general.

Hope this helps,

Mike

> -----Original Message-----
> From: @nlS [SMTP:[EMAIL PROTECTED]]
> Sent: a ea?e 27 2000 10:47
> To:   [EMAIL PROTECTED]
> Subject:      Problem about Firewall!!
> 
> hi,all:
>    There is a question involving the Firewall.As we know ,the Firewall
> should provide two ports:one is the wan port and the other is the lan
> port.Hence we bind the  IP address to each of the  port.
> It is just the static IP address.The question is : when we have a LAN,and
> each of the pc in the LAN gets its IP address from a DHCP server.How can I
> setup the IP address for the Firewall? And how can I setup the IP-Filter
> in the Firewall,since the pc's IP address is dynamic?
>     thank you 
>  
> 
>   best regard.
> 
>    Genu
> 
> _____________________________________________
> O>A*EIODAa???aO>?aO2O,Oa?!
> --IaAaI2?(r)OeO?3O?A263E??1/4OUI???http://www.263.net?(c)I?O>AE??!
> IOOaI?AE??!??http://fsurvey.cnnic.net.cn/survey/index.html?(c)
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
RE: Problem about Firewall!!

Reply via email to
