Re: Question on IP address migration and firewalls

From: Marcel (marcelNOSPAMdegroot@home.nl)
Date: 09/19/02 

From: Marcel <marcelNOSPAMdegroot@home.nl>
Date: Thu, 19 Sep 2002 20:03:55 +0200

Hi Charles,

Charles Woolever wrote:

> Sine the company I work for started with Internet access several years
> ago, we have had a firewall (Sun 's SunScreen)

Please DO NOT give this info! Maybe someone can abuse this ....

and a range of public
> IP addresses from x.x.x.1 to 127 given to us by our service provider.

Wow, so much ;-)

>
> We changed service providers (a smaller one) and were told that IP
> addresses were more scarce now and that they needed to make sure that
> the range of IP addresses they give out is just enough to cover the
> need. Meaning, we had several servers with static IP addresses within
> the 1-127 range along with the IP address that the firewall sent
> everything out as, but we weren't using 127 addresses.

>
> Now we need to reduce our public IP range from 1-127 to 1-32. Our
> firewall does NAT. I guess I have no idea where to start. Do we need
> to start changing IP addresses for some of the servers whose IP
> address falls outside the 1-32 range? Meaning, we have a mail server
> that is .40, do I need to change that to something under 32? Then once
> all of the public IPs were are using (web, mail, etc) are in 1-32,
> just put the new range in the firewall? I can program the firewall,
> just not sure how I approach reducing our IP address usage.
>

I do not know the fw you talk about: but normaly you can use for
redirection of the incoming traffic to for example portnumbers..
(for , for example the all your http-traffic (on a single ip-adress),
and the ftp-traffic on another...)
(I didn't tried the portnumber-redirection out though!)
Please do a google search to for example apache and portnumbers.

> Any help you could give, I woudl appreciate. Thanks.
>
> Charles
>
I hope this helps you to proceed...;-)

Kind regards,

Marcel

Relevant Pages

  • RE: Slow user logon on Terminal server after migration to Windows 2003
    ... The Terminal Servers are 2000 or 2003. ... "Inside the firewall zone" means that the Citrix Servers have a firewall ... available RPC ports? ...
    (microsoft.public.windows.server.active_directory)
  • Re: medical records, web server, & stateful firewall vs packet filter
    ... > image and SQL servers directly (the image server link in particular ... The image and SQL servers ... the 2 firewall layers should run different s/ware - the idea is that a major ... security always cost a lot more than you expect (this comes up whenever we ...
    (comp.dcom.sys.cisco)
  • Re: I have been hacked (WAS: Have I been hacked or is nmap wrong?)
    ... > console based ftp client. ... the FTP servers have? ... > They are really mail servers, at least smtp for outgoing mails ... If you're firewall was dropping incoming packets destined to ...
    (freebsd-questions)
  • Re[3]: What can make DNS lookups slow? [semi-solved]
    ... My problem was that DNS lookups from and through my debian firewall ... My ISP's DNS servers are handing back replies from ... the machines inside the firewall, then I'd love to hear of it. ... # means that it queries the dmz server for everything ...
    (Debian-User)
  • RE: Secure Network Design (DMZ, LAN, etc)
    ... you'll see that their both on the same subnet. ... It has a port for the trusted network and a port ... Our firewall handles NAT. ... > servers, wouldn't it require a public IP and therefore be somewhat ...
    (Security-Basics)
Quantcast