hi ya dgillett

On Thu, 7 Feb 2002 [EMAIL PROTECTED] wrote:

> On 7 Feb 2002, at 3:06, Alvin Oga wrote:
>
> > hi ya luis
> >
> > for subnets.... say 4 depts isolated from each other...
> >
> > a) make sure you have a switch.. NOT a hub that ties them together
> >    so that they cannot sniff traffic on the other side...
> >    ( a 4-port firewall is good )
> >
> > Each dept has its own class-C ( simple way )
> > ----------------------------
> >   192.168.1.x   192.168.2.x   192.168.3.x   192.168.4.x
> >
> >   NetMask:   255.255.0.0
> >   Network:   192.168.0.0
> >   Broadcast: 192.168.255.255
>
> Hmmm. While a switch will generally keep the users from sniffing each other's traffic,
> you've specified a class *B* network, net mask and broadcast address -- any broadcast traffic
> will be visible to everyone, and machine-to-machine traffic across department boundaries will
> not be restricted.

yupp ...assumed that it was easier for setup...less thinking involved
to just blast everything..everywhere..
( but then again... what's the point of the subnet in that case.. :-)

-->> class-C subnetting is better as you shown below

> Instead
>
>   Network:   192.168.1.0    192.168.2.0    192.168.3.0    192.168.4.0
>   NetMask:   255.255.255.0  255.255.255.0  255.255.255.0  255.255.255.0
>   Broadcast: 192.168.1.255  192.168.2.255  192.168.3.255  192.168.4.255
>
> > if you only have ONE class-C to be subnet ( 4 subnets of 62 hosts each )
> > -----------------------------------------
> > ( people can change their masks to peek at the other side
> > ( unless you have a 4-port firewall
> >
> >             192.168.1.0      192.168.1.64     192.168.1.128    192.168.1.192
> >   NetMask   255.255.255.192  255.255.255.192  255.255.255.192  255.255.255.192
> >   Network   192.168.1.0      192.168.1.64     192.168.1.128    192.168.1.192
> >   Broadcast 192.168.1.63     192.168.1.63     192.168.1.63     192.168.1.63
>
>   Broadcast: 192.168.1.63    192.168.1.127    192.168.1.191    192.168.1.255
>
> Other rows of the table above are correct, but you've got everyone sending their
> broadcast traffic as directed broadcasts to the first subnet, rather than to their
> own subnet.

oooppss..i always get broadcasts mixed up.. to be same or incrementing too

thanx
alvin

> > more subnet stuff
> > http://www.ralphb.net/IPSubnet/
> > http://vger.freesoft.org/CIE/Course/Subnet/
> > http://www.completeis.com/support/subnet/
> > http://www.cisco.com/warp/public/701/3.html
> > http://www.sinclair.org.au/keith/networking/subnet1.html
> > .. tons of um ...
> > http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/other-formats/html_single/Proxy-ARP-Subnet.html
> >
> > have fun
> > alvin
> >
> > On Thu, 7 Feb 2002, luis wrote:
> >
> > > Hi, I have been told that in order to keep the different company
> > > departments "isolated" each other ( but everyone accessing internet), I
> > > have to use subnetting. after the reading of some books and articles, I
> > > haven't found any reference (one indirect but not useful). But I think that
> > > I need firewalls to do the job. So I'm asking for some light, reference to
> > > article, experience, book... whatever.
> > > Thanks a lot
> > > luis
> >
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
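
Added example, not part of the original thread: a small Python audit that runs the address plans quoted above through the standard ipaddress module and reports the two problems the thread discusses (a mask that puts every department on one network, and a broadcast row that does not match the subnet). The function names, finding labels and "deptN" names are made up for this example.

```python
import ipaddress
from itertools import combinations

def audit_plan(rows):
    """rows: (dept, address, netmask, configured_broadcast) tuples.
    Returns a list of finding tuples; an empty list means a consistent plan."""
    findings, nets = [], []
    for dept, addr, mask, bcast in rows:
        # ip_interface tolerates host bits and yields the network the mask
        # really describes (192.168.1.0 with 255.255.0.0 is 192.168.0.0/16).
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        nets.append((dept, net))
        if ipaddress.ip_address(bcast) != net.broadcast_address:
            findings.append(("wrong-broadcast", dept, str(net.broadcast_address)))
    for (d1, n1), (d2, n2) in combinations(nets, 2):
        # Overlap means both departments treat each other as on-link: one
        # broadcast domain, and no router or firewall in the path to filter.
        if n1.overlaps(n2):
            findings.append(("shared-network", d1, d2))
    return findings

def plan(addrs, mask, bcasts):
    """Build rows for departments dept1..deptN (constructed names)."""
    return [(f"dept{i}", a, mask, b)
            for i, (a, b) in enumerate(zip(addrs, bcasts), 1)]

# Address rows copied from the tables in the thread.
CLASS_C = ["192.168.1.0", "192.168.2.0", "192.168.3.0", "192.168.4.0"]
QUARTERS = ["192.168.1.0", "192.168.1.64", "192.168.1.128", "192.168.1.192"]

PLANS = {
    "class-B mask": plan(CLASS_C, "255.255.0.0", ["192.168.255.255"] * 4),
    "class-C per dept": plan(CLASS_C, "255.255.255.0",
                             ["192.168.1.255", "192.168.2.255",
                              "192.168.3.255", "192.168.4.255"]),
    "/26 repeated broadcast": plan(QUARTERS, "255.255.255.192",
                                   ["192.168.1.63"] * 4),
    "/26 corrected": plan(QUARTERS, "255.255.255.192",
                          ["192.168.1.63", "192.168.1.127",
                           "192.168.1.191", "192.168.1.255"]),
}

if __name__ == "__main__":
    for name, rows in PLANS.items():
        print(name)
        for finding in audit_plan(rows) or [("ok",)]:
            print("   ", *finding)
```

A clean audit only says the plan is self-consistent; the mask is a per-host setting, so the isolation itself still depends on the firewall between the subnets.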
