To my knowledge, there are two other solutions for your problem.

1. Proxy-arping on the firewall.

With proxy-arping you do not have to route several subnets for the
28 IP numbers and you just need one network-address and one
broadcast-address for the whole infrastructure.

For more information see the very good mini-howto
"Proxy-ARP-Subnet".

2. Port forwarding

Another idea is to use masquerading (for outgoing connections) and
port forwarding (for incoming connections). See also the
respective howtos.

Recently, I've chosen solution 2 and found it to be working
without any problems.


root wrote:
> 
> For a start, your 4 machine subnets should have 255.255.255.252 netmasks
> not 255.255.255.254? Secondly, to the best of my knowledge, there is no
> such thing as a 28 machine subnet. What you now have to do is find the
> best way to break the 28 IP's into routable subnets. You will lose a
> number of IP's for doing this.....but here it is...!
> 
> Router /Firewall Network
> 
> Network         1.2.3.0
> Router          1.2.3.1
> Firewall        1.2.3.2
> Broadcast       1.2.3.3
> 
> 28 IP's left...! Work out the subnets...!
> 1 x 4 machine
> 1 x 8 machine
> 1 x 16 machine
> = 28 IP's
> 
> So now you route three networks from your firewall / router... onto your
> internal network.
> 
> 1.2.3.4/30 netmask 255.255.255.252
> 1.2.3.8/29 netmask 255.255.255.248
> 1.2.3.16/28 netmask 255.255.255.240
> Due to this, you will lose 6 of your 28 IP's .... leaving you with 22.
> 
> It's the only solution I have :)
> 
> Rgds,
> 
> Scott Nursten
> 
> 
> 
> On Sat, 8 Jan 2000, Chris Knipe wrote:
> 
> > Hi all ...
> >
> > Previous time I did this, I split the network subnet into two 50/50
> > segments... There MUST be a better way to do this...
> >
> > What's the problem?   Well, lots of my clients get 32 IP address blocks
> > allocated to them over 64K diginet lines... Many of those lease lines need
> > dedicated Linux Firewalls...   Just how do I subnet?
> >
> > Say for example, a client gets allocated 1.2.3.0 on a subnet of
> > 255.255.255.224...   That's 32 IP Addresses (including network and
> > broadcast addresses)...
> >
> > The Router gets assigned, 1.2.3.1, eth0 on the linux box is 1.2.3.2.  That
> > will be easy to configure... It's a static route...
> >
> > eth1 on the linux box now, has to be allocated 1.2.3.5, while 1.2.3.6 and
> > the rest of the IP addresses get allocated on the network located from eth1
> > (The firewalled network).
> >
> > How do I route this on the firewall ?
> >
> > I can subnet 1.2.3.1 and 1.2.3.2 on 255.255.255.254, which will make .1 and
> > .2 in its own subnet, and I use .5 for the IP address of eth1 on the
> > firewall, but what / how do I subnet eth1 to allow it to use .5 to .28 (?)
> > on its own subnet for the second network?
> >
> > For it to route successfully, the two network cards have to be in their own
> > subnet to just route the network bits over the various network cards ?
> >
> > If I have to use rip or gated for this, does anyone have an example
> > configuration for me ?
> >
> >
> > Graphical Layout:
> > ~~~~~~~~~~~~~~~~~
> >                             +-- Workstation
> >                             |-- Workstation
> >  +--------+    +----------+ |-- Workstation
> > -| Router |----| Firewall |-+-- Workstation
> >  +--------+    +----------+ |-- Workstation
> >                             |-- Workstation
> >                             +-- Workstation
> >
> > Router:  Network:   1.2.3.0
> >          Broadcast: 1.2.3.3
> >          IP:        1.2.3.1
> >          Subnet:    255.255.255.254
> >
> > Firewall (eth0):
> >          Network:   1.2.3.0
> >          Broadcast: 1.2.3.3
> >          IP:        1.2.3.2
> >          Subnet:    255.255.255.254
> >
> > Firewall (eth1)
> >          Network:   1.2.3.4
> >          Broadcast: 1.2.3.32 (?)
> >          IP:        1.2.3.5
> >          Subnet:    255.255.255.240 (?)
> >
> > Any help as per usual, MUCH appreciated!!!!!
> >
> > Regards
> > Chris Knipe
> > Cel: (083) 430 8151
> > Freelance Internet Developer, Consultant, Administrator & Speaker
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-net" in
> > the body of a message to [EMAIL PROTECTED]
> >
> 

-- 
__________________________________________________________________
     Emmerich Eggler                          [EMAIL PROTECTED]     
     Eggler Communications              +41 (0)79 438 75 11   
     Wannerstrasse 3/39                 +41 (0) 1 463 43 73  
     CH-8045 Zuerich                   http://www.eggler.ch
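
Added example (not part of the original messages): a Python check of the two addressing plans discussed in this thread, using the 1.2.3.0/27 block and the router/firewall addresses given above. The function names are my own; the script validates the routed split (alignment, containment, overlap) and compares its usable host count with the flat proxy-ARP layout.

```python
import ipaddress

# The 32-address allocation from the thread (255.255.255.224 = /27).
BLOCK = ipaddress.ip_network("1.2.3.0/27")


def usable(net):
    """Addresses left once the network and broadcast address are reserved."""
    return max(net.num_addresses - 2, 0)


def check_routed_plan(block, cidrs):
    """Validate a routed split of `block`; return (hosts per subnet, total)."""
    nets = []
    for cidr in cidrs:
        # strict=True rejects a base address that is not on the prefix
        # boundary, e.g. 1.2.3.4/28 (a /28 must start on a multiple of 16).
        net = ipaddress.ip_network(cidr, strict=True)
        if not net.subnet_of(block):
            raise ValueError(f"{net} is outside {block}")
        for other in nets:
            if net.overlaps(other):
                raise ValueError(f"{net} overlaps {other}")
        nets.append(net)
    per_subnet = {str(n): usable(n) for n in nets}
    return per_subnet, sum(per_subnet.values())


def proxy_arp_hosts(block, reserved):
    """Flat layout: one network and one broadcast address for the whole block."""
    taken = {ipaddress.ip_address(a) for a in reserved}
    return len(set(block.hosts()) - taken)


if __name__ == "__main__":
    # Routed plan from the quoted reply (the first /30 holds router and firewall).
    per_subnet, total = check_routed_plan(
        BLOCK, ["1.2.3.4/30", "1.2.3.8/29", "1.2.3.16/28"])
    for net, hosts in per_subnet.items():
        print(f"routed    {net:<12} usable hosts: {hosts}")
    print("routed    total:", total)
    # Proxy-ARP plan: only the router and firewall addresses are taken.
    print("proxy-arp total:", proxy_arp_hosts(BLOCK, ["1.2.3.1", "1.2.3.2"]))
    # The eth1 guess from the original question is not a valid subnet.
    try:
        check_routed_plan(BLOCK, ["1.2.3.4/255.255.255.240"])
    except ValueError as err:
        print("rejected:", err)
```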