On 7 Feb 2002, at 3:06, Alvin Oga wrote:

> hi ya luis
>
> for subnets.... say 4 depts isolated from each other...
>
> a) make sure you have a switch.. NOT a hub that ties them together
>    so that they cannot sniff traffic on the other side...
>    ( a 4-port firewall is good )
>
> Each dept has its own class-C ( simple way )
> ----------------------------
>   192.168.1.x   192.168.2.x   192.168.3.x   192.168.4.x
>
> NetMask:   255.255.0.0
> Network:   192.168.0.0
> Broadcast: 192.168.255.255

Hmmm. While a switch will generally keep the users from sniffing each
other's traffic, you've specified a class *B* network, net mask and
broadcast address -- any broadcast traffic will be visible to everyone,
and machine-to-machine traffic across department boundaries will not be
restricted. Instead

Network:   192.168.1.0    192.168.2.0    192.168.3.0    192.168.4.0
NetMask:   255.255.255.0  255.255.255.0  255.255.255.0  255.255.255.0
Broadcast: 192.168.1.255  192.168.2.255  192.168.3.255  192.168.4.255

> if you only have ONE class-C to be subnet ( 4 subnets of 62 hosts each )
> -----------------------------------------
> ( people can change their masks to peek at the other side
> ( unless you have a 4-port firewall
>           192.168.1.0      192.168.1.64     192.168.1.128    192.168.1.192
> NetMask   255.255.255.192  255.255.255.192  255.255.255.192  255.255.255.192
> Network   192.168.1.0      192.168.1.64     192.168.1.128    192.168.1.192
> Broadcast 192.168.1.63     192.168.1.63     192.168.1.63     192.168.1.63

Broadcast: 192.168.1.63     192.168.1.127    192.168.1.191    192.168.1.255

Other rows of the table above are correct, but you've got everyone
sending their broadcast traffic as directed broadcasts to the first
subnet, rather than to their own subnet.

> more subnet stuff
> http://www.ralphb.net/IPSubnet/
> http://vger.freesoft.org/CIE/Course/Subnet/
> http://www.completeis.com/support/subnet/
> http://www.cisco.com/warp/public/701/3.html
> http://www.sinclair.org.au/keith/networking/subnet1.html
> .. tons of um ...
>
> http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/other-formats/html_single/Proxy-ARP-Subnet.html
>
> have fun
> alvin
>
> On Thu, 7 Feb 2002, luis wrote:
>
> > Hi, I have been told that in order to keep the different company
> > departments "isolated" each other (but everyone accessing internet), I
> > have to use subnetting. after the reading of some books and articles, I
> > haven't found any reference (one indirect but not useful). But I think that
> > I need firewalls to do the job.
> > So I'm asking for some light, reference to
> > article, experience, book... whatever.
> > Thanks a lot
> > luis

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
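
Added example (not part of the original thread): a Python check built on the standard `ipaddress` module that derives the four /26 subnets discussed above, flags a broadcast address that does not match an interface's address and mask, and shows whether a host treats a peer in another department as on-link under each mask. The function names and host addresses are constructed for illustration.

```python
import ipaddress

def plan(parent, new_prefix):
    """Split parent into equal subnets: (network, netmask, broadcast, usable hosts)."""
    return [(str(s.network_address), str(s.netmask),
             str(s.broadcast_address), s.num_addresses - 2)
            for s in ipaddress.ip_network(parent).subnets(new_prefix=new_prefix)]

def audit(host, netmask, broadcast):
    """Return a list of problems with one interface's address/mask/broadcast."""
    expected = ipaddress.ip_interface(f"{host}/{netmask}").network.broadcast_address
    if ipaddress.ip_address(broadcast) != expected:
        return [f"broadcast {broadcast} should be {expected}"]
    return []

def on_link(host, netmask, peer):
    """True if host treats peer as directly reachable, i.e. it will not
    send the traffic via a router or firewall."""
    net = ipaddress.ip_interface(f"{host}/{netmask}").network
    return ipaddress.ip_address(peer) in net

if __name__ == "__main__":
    for row in plan("192.168.1.0/24", 26):
        print("Network %-14s NetMask %-16s Broadcast %-14s hosts %d" % row)
    # Constructed host in the second /26, configured with the first subnet's broadcast.
    print(audit("192.168.1.70", "255.255.255.192", "192.168.1.63"))
    # Constructed hosts in two departments: the /16 mask makes them on-link, the /24 does not.
    for mask in ("255.255.0.0", "255.255.255.0"):
        print(mask, on_link("192.168.1.10", mask, "192.168.3.20"))
```

`on_link` reflects only what the host concludes from its own mask, which is why the thread pairs subnetting with a switch and a firewall between departments.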
