> -----Original Message-----
> From: Ronneil Camara [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 16, 2000 11:21 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: IP addressing on firewall
>
>
> Hi Tobias,
>
> Looks like you misunderstood my POST. I wasn't talking about
> the host on my
> private net, I was talking about the firewall config. Of
> course, the gateway
> ip address that I should put on my host on my private net is
> 172.16.1.1.
>
> Supposed we have the following config:
> e0 = 172.16.1.1
> e1 = 172.16.1.5
> e2 = 222.2.2.2
> router lan = 222.2.2.1
> __ __ __
> .------. / \/ \/ \
> private----------e0| FW |e2-----> router------>| Internet |
> 172.16.1.x/24 | | 222.2.2.1 \__/\__/\__/
> `------'
> e1
> | DMZ
> | 172.16.1.x/24
> v
> http/dns/smtp
> servers
>
>
> As far as I know, the e2 should have the gateway address set
> to 222.2.2.1.
> Am I right?
100%, except for the internal addresses. The private and DMZ are different (IP) subnets. For instance:
e0 = 172.16.1.1 with subnet mask 255.255.255.0
e1 = 172.16.2.1 with subnet mask 255.255.255.0
The firewall acts as a router between these subnets. If you have more routes behind the firewall (different buildings share one FW for instance) you should be able to enter these routes in the firewall.
You can view the netscreen demo on-line http://www.netscreen.com/pub/demo/index.html (routing tab is under the configure menu).
Vincent de Lau
System Administrator / MSCE
