At 23:05 10/09/00 +0800, Ronneil Camara wrote:
>I have a diagram below. I need your answer so that I will know if I am doing
>it right.
>
>MY THOUGHTS:
>1. I don't need to add a route to 172.22.1.0 and 172.25.22.0 on the router
>since this will be taken care by NAT function of the firewall.
yes
>2. I need to add a default route on the firewall and that the gateway should
>be set to 172.26.22.1.
yes again!
>3. The gateway ip address of workstations on the internal network should be
>set to 172.22.1.1.
still agreeing.
>4. The gateway ip address of servers on the dmz network should be set to
>172.25.22.1.
agree once again.
if the dmz hosts are to be reached directly (without NAT) from the
internet, you will also
need routes: on the internet, but this should be ok; and on the router (and
of course, the
addresses should be public ones).
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
