Re: Firewall where internal hosts have non-reserved IPs?

From: Les Mikesell (les@attbi.com)
Date: 10/25/02


From: "Les Mikesell" <les@attbi.com>
Date: Fri, 25 Oct 2002 01:45:01 GMT


"Jem Berkes" <jb2002-delete-this-AND-users@users.pc9.org> wrote in message
news:Xns92AFD2FE59C1Djbdontusepc9org@205.200.16.73...

> The bridge sounds neat, but the fringe/experimental nature of the
> firewalling scares me a bit. I know I made it sound like the private IP
> addresses on our LAN are out of the question, but in reality this is
> looking like it might be a better option simply because it's easier and
> I'm really screwed for time.
>
> >|- eth0 and eth1 have no IP address, right?
> >
> > If it's a router, yes they do.
>
> Thanks, I had not realized that before.
>
> > You have to ask for a subnet of the University's IP range so that your
> > firewall routes to this subnet.
>
> OK, that one is really going to be near impossible. Given that there's no
> way they're going to give our rather small LAN a whole subnet, do I
> pretty much have to go with the private IP/NAT approach?

The least disruptive way to do this is give the LAN side of the firewall
the IP address previously assigned to the router ethernet, then use a
different 4-host subnet (private if necessary) for the router <-> outside
ethernet connection. The router will then need a static route pointing
to the firewall for the previously-connected subnet, or you could run
some routing protocol there. You can either run DHCP on the Linux
box or relay to the original server with dhcrelay.

However, unless you need to support inbound connections to machines
behind the firewall, I'd say you would be better off with NAT and
private addresses.

---
   Les Mikesell
       lesmikesell@attbi.com
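The insertion Les describes, worked through as an added example (not code from the thread): the firewall's LAN side takes over the old router address, a separate /30 carries the router <-> firewall hop, the router gets a static route for the LAN via the firewall, and LAN DHCP is relayed with dhcrelay. The addresses are constructed for illustration: LAN 192.0.2.0/24 with the old router at 192.0.2.1, and the private 10.255.255.0/30 for the new link; interface names and the DHCP server address are assumptions.

```python
"""Plan the firewall insertion: firewall LAN side keeps the old router
address, a /30 links router and firewall, router routes the LAN via it.

Constructed values: LAN 192.0.2.0/24 (old router 192.0.2.1) and the
private 10.255.255.0/30 as the new router<->firewall link.
"""
import ipaddress


def plan_insertion(lan_cidr, old_router_ip, link_cidr,
                   lan_if="eth1", outside_if="eth0", dhcp_server=None):
    """Return the firewall commands and the router's static route."""
    lan = ipaddress.ip_network(lan_cidr, strict=True)
    old_router = ipaddress.ip_address(old_router_ip)
    link = ipaddress.ip_network(link_cidr, strict=True)

    # Checks worth doing before touching cables.
    if old_router not in lan:
        raise ValueError(f"{old_router} is not inside {lan}")
    if link.prefixlen != 30:
        raise ValueError("the router<->firewall link should be a 4-address /30")
    if link.overlaps(lan):
        raise ValueError("link subnet must not overlap the LAN subnet")

    # A /30 has exactly two usable hosts: router end, firewall end.
    router_link, fw_link = link.hosts()

    firewall_cmds = [
        # LAN hosts keep their gateway address; the firewall now answers for it.
        f"ip addr add {old_router}/{lan.prefixlen} dev {lan_if}",
        f"ip addr add {fw_link}/{link.prefixlen} dev {outside_if}",
        f"ip route add default via {router_link} dev {outside_if}",
        "sysctl -w net.ipv4.ip_forward=1",
    ]
    if dhcp_server:
        # Forward LAN DHCP broadcasts to the existing server (ISC dhcrelay).
        firewall_cmds.append(f"dhcrelay -i {lan_if} {dhcp_server}")

    return {
        "firewall_commands": firewall_cmds,
        # The LAN is no longer directly connected to the router, so the
        # router needs a static route for it via the firewall's link address.
        "router_static_route": (lan.with_prefixlen, str(fw_link)),
        "router_link_address": f"{router_link}/{link.prefixlen}",
    }


if __name__ == "__main__":
    plan = plan_insertion("192.0.2.0/24", "192.0.2.1", "10.255.255.0/30",
                          dhcp_server="192.0.2.10")
    print("\n".join(plan["firewall_commands"]))
    print("router static route:", *plan["router_static_route"])
```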
