Hi

I have 4 IPs which I carefully made sure that they were in a
"subnetable" block when I got them from my ISP. The original intention was
to be able to play with networking, but to possibly make my life easier
down the road when I need to specify them as a group (using a mask).

I have a.b.c.136 - a.b.c.139 which can be written a.b.c.136/30 (netmask
255.255.255.252)

If I've screwed something up already, please stop me here!

I have a single Linux box set up as a gateway that will be routing these IPs
into 1 or more internal (NATed) networks (I'm also thinking about setting
up a DMZ, but have questions regarding this).

Questions please:

1. On the firewall I have been using a netmask of 255.255.255.0. I am
logging a lot of the packets I am denying, and because I am not specifying
a destination address, I'm seeing a lot of junk I'd rather not see. Since
I'm only interested in packets that would be routed to me, can I use
a.b.c.136/30 as a destination (-d)? I ask because I'm not 100% sure if
this renders 136 and 139 useless since they are the network and broadcast
addresses for this subnet.

2. Can I use 255.255.255.252 for the subnet on this interface? This would
bode well with my firewall script since it currently gets the mask from
ifconfig anyway.

3. If I were to set up a DMZ, can I do it with just 4 IPs? A friend was
having problems running an FTP server when using non-routable IPs between
the gateway and the DMZ boxes - but I may be way off base here.

So, I imagine doing something like this

               internet
                  |
             a.b.c.136/30
                  |
        ------------------------
        |                       |
        |   gateway/firewall    |
        |                       |       
        ------------------------
        |                       |
192.168.1.1                     a.b.c.137
        |                       |
home LAN                        DMZ
192.168.1.x                     a.b.c.138, a.b.c.139


Now, am I fooling myself here, or is this doable?

How about if I used 192.1.68.1.x for the DMZ and just used port forwarding
to the DMZ hosts? That would make more of my IPs available. Like this:


               internet
                  |
             a.b.c.136/30
                  |
        ------------------------
        |                       |
        |   gateway/firewall    |
        |                       |
        ------------------------
        |                       |
192.168.1.1                     192.168.2.1
        |                       |
home LAN                        DMZ (web/ftp/yada/yada servers)
192.168.1.x                     192.168..x

Again, my specific concern is that I don't want to have issues with ftp
(or other critical services)

thanks
charles
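Added worked example (not part of charles's post): it checks what question 1 asks, namely which destination addresses a bitmask match such as `-d a.b.c.136/30` would accept, and how much noise a /24 match lets through compared with the /30. The address 198.51.100.136 is a documentation placeholder standing in for a.b.c.136.

```python
import ipaddress

# Placeholder for the poster's a.b.c.136/30 block (198.51.100.0/24 is TEST-NET-2).
MY_BLOCK = "198.51.100.136/30"


def cidr_match(addr, cidr):
    """Emulate a firewall address/mask match (e.g. iptables -d a.b.c.136/30).

    Packet filters compare (addr AND mask) == (network AND mask); they do not
    treat the network or broadcast address of the block any differently.
    """
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr, strict=False)


def block_info(cidr):
    """Network, broadcast, mask, usable hosts and every address the match accepts."""
    net = ipaddress.ip_network(cidr, strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "hosts": [str(h) for h in net.hosts()],      # usable as interface addresses
        "matched": [str(a) for a in net],            # accepted by the -d match
    }


def overmatch(old_cidr, new_cidr):
    """Count destination addresses the old (wider) rule accepts but the new one does not.

    For the poster's case this is how much of the logged 'junk' a /24 match lets
    through that the /30 match would drop from the logs.
    """
    old = ipaddress.ip_network(old_cidr, strict=False)
    new = ipaddress.ip_network(new_cidr, strict=False)
    return sum(1 for a in old if a not in new)


if __name__ == "__main__":
    info = block_info(MY_BLOCK)
    print("netmask  :", info["netmask"])
    print("matched  :", info["matched"])        # all four, .136 through .139
    print("hosts    :", info["hosts"])          # .137 and .138 only
    print("/24 extra:", overmatch("198.51.100.136/24", MY_BLOCK))
```

The /30 match accepts all four addresses, so .136 and .139 are not lost from the firewall's point of view; whether they are usable as host addresses is a question of how the ISP side routes and whether the interface mask is /30.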



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list