RE: [FW1] netmask question

Wed, 21 Jun 2000 09:11:31 -0700

Title: RE: [FW1] netmask question

Hoang-

If you are connecting to the internet using those addresses you are already using hide NAT to hide those addresses behind a valid IP address most likely the external interface of you firewall.  This must be true because 192.168.#.# is a reserved address so internet routers will not route it.  RFC 1918 sets aside a block of class a, b & c address for private use.  If you subnet these even further this is fine.  This can be useful.  You might decide to setup a VPN to one of your clients, remote office, etc.  If the are using 192.168.2.0/24(255.255.255.0) and you are using 192.168.0.0/16(255.255.0.0)you will run into problems because their network is a subset of yours.  If you change your mask to 24 bits (255.255.255.0) your network address would be 192.168.1.0 and the 2 networks don't overlap.

As long as the firewall and the hosts are configured with the same mask you should be fine.

Hope this helps

-PaulK

*********************************************
Paul Keser
Network Security Engineer
[EMAIL PROTECTED]
tel:   415.351.4037
fax:  415.474.6017

ShopExpert.com
1375 Sutter Street, Suite 400
San Francisco, CA  94109
*********************************************


> -----Original Message-----
> From: Hoang [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 20, 2000 2:35 PM
> To: [EMAIL PROTECTED]
> Subject: [FW1] netmask question
>
>
>
> > My current FW internal interface has an ip of 192.168.1.2
> with a mask of
> > 255.255.0.0.  I would like to change all netmask on my
> internal network to
> > 255.255.255.0.  Would that cause any kind of trouble on Internet
> activities
> > (or anything at all).  Eventually after the change on my
> internal network,
> I
> > will change the FW internal interface's mask to
> 255.255.255.0 to match.
> >
> > Thanks for response.
> >
>
>
>
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================
>

Reply via email to