Probably the easiest way to connect them all together would be
just use the IPs and the netmask as you've been given, and also use your
ISP's gateway instead of trying to create one of your own. (since gateways
are usually routers or routable systems... this will take a lot of headache
away... ) Something else to keep in mind, if you have multiple cards in
any system, and that system is connected to the internet directly (or any
of them are) and it has a remaining private IP address (i.e. 192.168.0.1)
this will sometimes bring down all interfaces (real or private) due to a
conflict in IP address...
This is what worked for me and my network. Hope this helps!
Fred
At 02:41 PM 11/28/00 -0500, you wrote:
>Hi
>
>I have 4 IPs which I carefully made sure that they were in a
>"subnetable" block when I got them from my ISP. The original intention was
>to be able to play with networking, but to possibly make my life easier
>down the road when I need to specify them as a group (using a mask).
>
>I have a.b.c.136 - a.b.c.139 which can be written a.b.c.136/30 (netmask
>255.255.255.252)
>
>If I've screwed something up already, please stop me here!
>
>I have a single linux box setup a a gateway that will be routing these Ips
>into 1 or more internal (NATed) networks (i'm also thinking about setting
>up a DMZ, but have questions regarding this).
>
>Questions please:
>
>1. On the firewall I have been using a netmask of 255.255.255.0. I am
>logging a lot of the packets I am denying, and because I am not specifying
>a destination address, I'm seeing a lot of junk I'd rather nto see. Since
>I'm only interested in packets that would be routed to me, can I use
>a.b.c.136/30 as a destination (-d)? I ask because I'm not 100% sure if
>this renders 136 and 139 useless sicne they are the network and broadcast
>addresses for this subnet.
>
>2. Can I use 255.255.255.252 for the subnet on this interface? Thsi would
>bode well with my firewall script since it currently gets the mask from
>ifconfig anyway.
>
>3. If I were to setup a DMZ, can I do it with just 4 IPs? A friend was
>having problems running an FTP server when using non routable IPs between
>the gateway and the DMZ boxes - but I may be way off base here.
>
>So, I image doinf soemthing like this
>
> internet
> |
> a.b.c.136/30
> |
> ------------------------
> | |
> | gateway/firewall |
> | |
> ------------------------
> | |
>192.168.1.1 a.b.c.137
> | |
>home LAN DMZ
>192.168.1.x a.b.c.138, a.b.c.139
>
>
>Now, am I fooling myself here, or is this doable?
>
>How about if I used 192.1.68.1.x for the DMZ and just used port forwarding
>to the DMZ hosts? That would make more of my IPs available. Like this:
>
>
> internet
> |
> a.b.c.136/30
> |
> ------------------------
> | |
> | gateway/firewall |
> | |
> ------------------------
> | |
>192.168.1.1 192.168.2.1
> | |
>home LAN DMZ (web/ftp/yada/yada servers)
>192.168.1.x 192.168..x
>
>Again, my specific concern is that I don't want to have issues with ftp
>(or other critical services)
>
>thanks
>charles
>
>
>
>_______________________________________________
>Redhat-list mailing list
>[EMAIL PROTECTED]
>https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
