Re: firewall ??

From: Scot L. Harris (webid_at_cfl.rr.com)
Date: 07/08/04

    To: For users of Fedora Core releases <fedora-list@redhat.com>
    Date: Thu, 08 Jul 2004 16:40:59 -0400
    
    

    On Thu, 2004-07-08 at 14:12, Bobby Knueven wrote:
    > Still a little confused on firewalls. Here's my situation (more detail
    > this time).
    >
    > I am assigned a block of IP addresses from the Office of Information
    > Tech. at our University. Along with this block of IP's come the DNS
    > servers I have to use and the Default Gateway. Everything else, DHCP,
    > File server, webserver is up to me to provide. I need to build a
    > firewall that will allow my current block of addresses (class B), which
    > are assigned to my network from a DHCP server that will is on my
    > network to access the net while providing a secure environment. Since I
    > have a substantial amount of addresses I do not need NAT to use 192's,
    > etc... Where my confusion comes in is the fact that I am already
    > assigned a default gateway on my network. Is it possible to apply a
    > firewall with Internet connection sharing that acts as a new default
    > gateway for my internal network while the firewall would still use the
    > Default Gateway assigned to me? How would I go about sharing that
    > connection without using NAT? Or should I just build a bridging
    > firewall? I am hesitant about a bridging firewall because it seems that
    > it would need to be fairly speedy to keep up with our network traffic.
    > Any recommendations would be appreciated. Thanks.
    >
    > Bobby Knueven
    >

    You will need to subnet your class B. You can set up a firewall
    connecting to the gateway they provide using a small portion of the
    address space they allocated to you. The remainder of the address space
    will be behind your firewall for all of the equipment on your network.

    In order to do this you will coordinate with your campus network admin
    so he can configure his gateway's interface to match the subnet you
    set up. He will also put routing table entries in his routing table to
    direct all traffic to the address range allocated to you to your
    firewall.

    For example, if you were allocated a 172.30.0.0/16 address space you can
    subnet 172.30.0.0/30 which means you would have two hosts available
    172.30.0.1 and 172.30.0.2 which would be assigned one to your firewall
    and one to your campus gateway. The remaining address space can be
    broken up into a series of 24 bit networks such as 172.30.1.0/24,
    172.30.2.0/24, etc. You can create larger subnets if you need them.

    Read up on subnetting and get a good understanding of it. Sounds like
    you will be using it a lot. :)

    One caveat in my example: I am assuming your routers have zero subnet
    enabled. If not, you will need to use 172.30.0.4/30 which would have
    172.30.0.5 and 172.30.0.6 as valid hosts.

     

    -- 
    Scot L. Harris
    webid@cfl.rr.com
    The decision doesn't have to be logical; it was unanimous. 
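
The addressing plan from the reply above, worked through with Python's standard `ipaddress` module. This is an added example, not part of the original message: the function names, the choice of giving the campus gateway the lower transit address, and the list of proposed internal subnets are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

def plan_transit(block, zero_subnet=True):
    """Pick the /30 firewall-to-gateway link from the start of the allocated block."""
    block = ipaddress.ip_network(block)
    candidates = block.subnets(new_prefix=30)
    transit = next(candidates)          # subnet zero, e.g. 172.30.0.0/30
    if not zero_subnet:
        transit = next(candidates)      # routers without zero subnet: 172.30.0.4/30
    # Assumption: the campus gateway takes the lower host address.
    gateway_ip, firewall_ip = transit.hosts()
    return {
        "block": block,
        "transit": transit,
        "gateway_ip": gateway_ip,
        "firewall_ip": firewall_ip,
        # Route the campus admin adds so the whole block is sent to the firewall.
        "campus_route": f"{block} via {firewall_ip}",
    }

def check_internal(plan, proposed):
    """Return a list of problems with the subnets proposed behind the firewall."""
    nets = [ipaddress.ip_network(p) for p in proposed]
    problems = []
    for net in nets:
        if not net.subnet_of(plan["block"]):
            problems.append(f"{net} is outside the allocated block")
        elif net.overlaps(plan["transit"]):
            problems.append(f"{net} overlaps the transit link {plan['transit']}")
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    return problems

if __name__ == "__main__":
    for zero in (True, False):
        plan = plan_transit("172.30.0.0/16", zero_subnet=zero)
        print(plan["transit"], plan["gateway_ip"], plan["firewall_ip"])
        print("  campus route:", plan["campus_route"])
    # Constructed sample: three common mistakes in an internal subnet list.
    bad = ["172.30.0.0/24", "172.30.2.0/24", "172.30.2.128/25", "10.0.0.0/24"]
    for problem in check_internal(plan, bad):
        print("  problem:", problem)
```

Because the /30 is directly connected on the campus gateway, it stays more specific than the /16 route, so only traffic for the rest of the block is handed to the firewall.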
    
