Hi Ronneil,
First post here, hope it's accurate! Yes, this should be correct, at least with NT.
Once you turn on IP forwarding on your firewall, each interface knows about the other
interfaces, and the networks directly available through them (using the subnet mask).
The interfaces do not need default gateways to do this, and in fact using default
gateways which refer to the other interfaces will mess up IP routing on the box.
However your external interface does need to know how to get to the next hop, and will
therefore require a default gateway.
For more info:
http://www.phoneboy.com/fw1/
- Barry
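
Added example, not part of the original thread: a Python check of the rule described above (connected networks need no gateway; one default gateway, on the external interface, pointing at an on-link next hop). The function names, the /24 mask on e2 and the separate DMZ subnet 172.16.2.0/24 are assumptions of this example; the other addresses follow the layout quoted in the thread.

```python
import ipaddress

# Constructed sample configs (masks and the DMZ subnet are assumptions).
GOOD = {
    "e0": {"addr": "172.16.1.1/24", "gateway": None},         # private
    "e1": {"addr": "172.16.2.1/24", "gateway": None},         # DMZ
    "e2": {"addr": "222.2.2.2/24",  "gateway": "222.2.2.1"},  # external
}
BAD = {
    "e0": {"addr": "172.16.1.1/24", "gateway": "222.2.2.2"},   # points at own e2
    "e1": {"addr": "172.16.2.1/24", "gateway": "172.16.1.1"},  # points at own e0
    "e2": {"addr": "222.2.2.2/24",  "gateway": "222.2.2.1"},
}

def check_gateways(interfaces):
    """Return a list of findings; an empty list means the config is consistent."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(c["addr"]) for n, c in interfaces.items()}
    own = {i.ip: n for n, i in ifaces.items()}  # the firewall's own addresses
    with_gw = sorted(n for n, c in interfaces.items() if c.get("gateway"))
    if not with_gw:
        findings.append("no default gateway: only connected networks reachable")
    if len(with_gw) > 1:
        findings.append("multiple default gateways: " + ", ".join(with_gw))
    for n in with_gw:
        gw = ipaddress.ip_address(interfaces[n]["gateway"])
        if gw in own:
            findings.append(f"{n}: gateway {gw} is the firewall's own {own[gw]}")
        elif gw not in ifaces[n].network:
            findings.append(f"{n}: gateway {gw} not on {ifaces[n].network}")
    return findings

def next_hop(interfaces, dst):
    """Connected networks win; everything else goes to the default gateway."""
    dst = ipaddress.ip_address(dst)
    for n, c in interfaces.items():
        if dst in ipaddress.ip_interface(c["addr"]).network:
            return n, "direct"
    for n, c in interfaces.items():
        if c.get("gateway"):
            return n, c["gateway"]
    return None, None

if __name__ == "__main__":
    print(check_gateways(GOOD), next_hop(GOOD, "172.16.2.25"))
    for finding in check_gateways(BAD):
        print(finding)
```
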
-----Original Message-----
From: Ronneil Camara [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 16, 2000 10:21 AM
To: '[EMAIL PROTECTED]'
Subject: RE: IP addressing on firewall
Hi Tobias,
Looks like you misunderstood my POST. I wasn't talking about the host on my
private net, I was talking about the firewall config. Of course, the gateway
ip address that I should put on my host on my private net is 172.16.1.1.
Suppose we have the following config:
e0 = 172.16.1.1
e1 = 172.16.1.5
e2 = 222.2.2.2
router lan = 222.2.2.1
                                                  __  __  __
                   .------.                      /  \/  \/  \
private----------e0|  FW  |e2-----> router------>| Internet |
172.16.1.x/24      |      |        222.2.2.1     \__/\__/\__/
                   `------'
                      e1
                      | DMZ
                      | 172.16.1.x/24
                      v
                http/dns/smtp
                   servers
As far as I know, the e2 should have the gateway address set to 222.2.2.1.
Am I right?
--
.-------------------------------------------------------.
.^. | Ronneil Camara, | [EMAIL PROTECTED] |
/V\ |--------------------| +632 6354086 +63917 5326993 |
// \\ | "The only way to `----------------------------------|
/( )\ | stop a hacker is to think like one." |
^^-^^ | ...brilliant misguided youth |
`-------------------------------------------------------'
> -----Original Message-----
> From: Reckhard, Tobias [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 16, 2000 5:08 PM
> To: 'Ronneil Camara'; '[EMAIL PROTECTED]'
> Subject: RE: IP addressing on firewall
>
>
> Wrong. The 'firewall' is the default gateway of the hosts on the private net
> and in the DMZ. Unless you've got a layer 2 firewall (no, you most probably
> don't).
>
> Regards
> Tobias Reckhard
> secunet
> Security Networks AG Tel : +49(6196)95888-42
> Mergenthalerallee 77 Fax : +49(6196)95888-88
> D-65760 Eschborn E-Mail: [EMAIL PROTECTED]
>
> > -----Original Message-----
> > From: Ronneil Camara [SMTP:[EMAIL PROTECTED]]
> > Sent: Wednesday, August 16, 2000 9:58 AM
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: IP addressing on firewall
> >
> > Since we're talking of the firewall which implements DMZ, only the interface
> > that is exposed to the internet should have a gateway and that gateway
> > should have the ip address of the router facing the internet also. I don't
> > need to put any gateway ip address on the private and dmz lan cards,
> > right?
> >
> > Ronneil
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
>