RE: [fw-wiz] Adding 2ndary IP to IPSO
From: Babatunde A Jayeju-akinsiku (jayeju_at_blueyonder.co.uk)
Date: 05/23/03
- Previous message: Babatunde A Jayeju-akinsiku: "RE: [fw-wiz] Adding 2ndary IP to IPSO"
- In reply to: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Next in thread: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Reply: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Barney Wolff" <barney@databus.com> Date: Fri, 23 May 2003 16:12:18 +0100
Barney
I have 32 public addresses on a 64kps line (upgrade is already in the
pipeline). some of the addresses have already been ported to other
firewalls. I am trying to port some services to different IP addresses on
the checkpoint (plan is to do away with the other firewalls and put
everything behind the checkpoint).
the need to use different IP is to be able to manage bandwidth, services &
traffic
I am not allowed to use public IP addresses on internal servers even if it
is passing through the firewall.
Now going to your suggestion of using 255.255.255.255 as netmask I can see
the reason why it'll work but isn't there any security implication of doing
that?
thanks
Baba
-----Original Message-----
From: Barney Wolff [mailto:barney@databus.com]
Sent: 22 May 2003 05:00
To: Baba Jayeju
Cc: firewall-wizards@nfr.net
Subject: Re: [fw-wiz] Adding 2ndary IP to IPSO
On Wed, May 21, 2003 at 03:10:35PM -0000, Baba Jayeju wrote:
>
> Guys, i am having problems adding a secondary IP address to an interface
> on a NOKIA 350 box running checkpointFW-1 FP2. The problem is that this IP
> address is on the same subnet as that of the external interface. (i know
> it is doable as i have done it on other platforms) has anyone come accross
> similar problems and what was the workaround.
I'm not sure exactly what you're asking. If the problem is to add a
second address on the same subnet that the first address of the interface
is on, use a netmask of 255.255.255.255 - that works on FreeBSD, and so
I suspect it will work on the Nokia.
If instead you want to transparently bridge the external subnet to an
internal interface, someone else will have to answer for fw1.
Why is it that you need to do that?
-- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Babatunde A Jayeju-akinsiku: "RE: [fw-wiz] Adding 2ndary IP to IPSO"
- In reply to: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Next in thread: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Reply: Barney Wolff: "Re: [fw-wiz] Adding 2ndary IP to IPSO"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
