For a start, your 4 machine subnets should have 255.255.255.252 netmasks
not 255.255.255.254? Secondly, to the best of my knowledge, there is no
such thing as a 28 machine subnet. What you now have to do is find the
best way to break the 28 IPs into routable subnets. You will lose a
number of IPs for doing this... but here it is!

Router / Firewall Network

Network         1.2.3.0 
Router          1.2.3.1
Firewall        1.2.3.2
Broadcast       1.2.3.3

28 IPs left! Work out the subnets:
1 x 4 machine
1 x 8 machine
1 x 16 machine
= 28 IPs

So now you route three networks from your firewall / router... onto your
internal network. 

1.2.3.4/30 netmask 255.255.255.252
1.2.3.8/29 netmask 255.255.255.248
1.2.3.16/28 netmask 255.255.255.240 
Due to this, you will lose 6 of your 28 IPs, leaving you with 22.

It's the only solution I have :) 

Rgds,

Scott Nursten 

 

On Sat, 8 Jan 2000, Chris Knipe wrote:

> Hi all ... 
> 
> Previous time I did this, I split the network subnet into two 50/50
> segments... There MUST be a better way to do this...
> 
> What's the problem?   Well, lots of my clients get 32 IP address blocks
> allocated to them over 64K diginet lines... Many of those leased lines need
> dedicated Linux Firewalls...   Just how do I subnet?
> 
> Say for example, a client gets allocated 1.2.3.0 on a subnet of
> 255.255.255.224...   That's 32 IP Addresses (including network and
> broadcast addresses)...
> 
> The Router gets assigned 1.2.3.1, eth0 on the linux box is 1.2.3.2.  That
> will be easy to configure... It's a static route...
> 
> eth1 on the linux box now has to be allocated 1.2.3.5, while 1.2.3.6 and
> the rest of the IP addresses get allocated on the network located from eth1
> (The firewalled network).
> 
> How do I route this on the firewall ?
> 
> I can subnet 1.2.3.1 and 1.2.3.2 on 255.255.255.254, which will make .1 and
> .2 in its own subnet, and I use .5 for the IP address of eth1 on the
> firewall, but what / how do I subnet eth1 to allow it to use .5 to .28 (?)
> on its own subnet for the second network?
> 
> For it to route successfully, the two network cards have to be in their own
> subnet to just route the network bits over the various network cards ?
> 
> If I have to use rip or gated for this, does anyone have an example
> configuration for me ?
> 
> 
> Graphical Layout:
> ~~~~~~~~~~~~~~~~~
>                             +-- Workstation
>                             |-- Workstation
>  +--------+    +----------+ |-- Workstation
> -| Router |----| Firewall |-+-- Workstation
>  +--------+    +----------+ |-- Workstation
>                             |-- Workstation
>                             +-- Workstation
> 
> Router:  Network:   1.2.3.0
>          Broadcast: 1.2.3.3
>          IP:        1.2.3.1
>          Subnet:    255.255.255.254
>  
> Firewall (eth0):
>          Network:   1.2.3.0
>          Broadcast: 1.2.3.3
>          IP:        1.2.3.2
>          Subnet:    255.255.255.254
> 
> Firewall (eth1)
>          Network:   1.2.3.4
>          Broadcast: 1.2.3.32 (?)
>          IP:        1.2.3.5
>          Subnet:    255.255.255.240 (?)
> 
> Any help as per usual, MUCH appreciated!!!!!
>          
> Regards
> Chris Knipe
> Cel: (083) 430 8151
> Freelance Internet Developer, Consultant, Administrator & Speaker
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-net" in
> the body of a message to [EMAIL PROTECTED]
> 
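An added example, not part of either message: a Python check of the split described in the reply, using the standard `ipaddress` module. The function names are illustrative, and it assumes the 1.2.3.0/27 block with a /30 for the router/firewall link as discussed in the thread.

```python
import ipaddress


def carve(block, transit_prefix=30):
    """Split `block` into a transit subnet (router <-> firewall eth0) and the
    largest aligned CIDR subnets that cover the remainder (behind eth1)."""
    net = ipaddress.ip_network(block)
    transit = next(net.subnets(new_prefix=transit_prefix))
    first_free = transit.broadcast_address + 1
    inside = list(
        ipaddress.summarize_address_range(first_free, net.broadcast_address)
    )
    return transit, inside


def usable(subnet):
    """Assignable hosts: every address except network and broadcast."""
    return subnet.num_addresses - 2


def is_aligned(network, netmask):
    """True if `network` is a valid network address for `netmask`,
    i.e. no host bits are set."""
    try:
        ipaddress.ip_network(f"{network}/{netmask}")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    transit, inside = carve("1.2.3.0/27")
    print("transit", transit, transit.netmask)
    for s in inside:
        print("inside ", s, s.netmask,
              "net", s.network_address,
              "bcast", s.broadcast_address,
              "usable", usable(s))
    print("usable total:", sum(usable(s) for s in inside))
    # A /28 can only start on a multiple of 16, so .4 is not a /28 boundary.
    print("1.2.3.4 mask .240 aligned:", is_aligned("1.2.3.4", "255.255.255.240"))
```
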
