Re: Linux Firewall

["Bruno Gimenes Pereti" <pereti@xxxxxxxxxx>]

Why don't you subdivide your class C?

[ internet ]---nic1[ Firewall ]nic2---[ your hub ]---nicX[ your servers ]

Let's supose your class C is: 222.222.222.000/24

nic1 could be 222.222.222.1/25
(network 222.222.222.0,  netmask 255.255.255.128, broadcast 222.222.222.127)

nic2 could be 222.222.222.129/25
nicX could be 222.222.222.[130-254]/25
(network 222.222.222.128, netmask 255.255.255.128, broadcast 222.222.255)

Note1: Couple years ago a professor said that some old router can't handle
this subdivision because of the first network (222.222.222.0). I've never
seen a router that can't work with it. Does any one have any information
about this.
Note2: You will lose 125 IPs in the first network if you don't have any
other machine in it.
And sorry if it's not what you wanted.

Bruno Gimenes Pereti.


----- Original Message -----
From: "Benjamin Stocker" <bstocker@media-plus.ch>
To: <security-discuss@linuxsecurity.com>
Sent: Tuesday, November 27, 2001 1:53 PM
Subject: Linux Firewall


>
> Hy all,
>
> I maintain a small Hosting center with 6 webservers, fax, pop3-mail.
> etc. I only have one C Subnet! I would like to protect my servers with a
> iptables firewall. Unfortunately, it seems to be odd to put the fw AND
> the servers in the same subnet.
>
> It seems to be possible to install two NIC's in the firewall and point
> one of them to the Net, the other to the webservers, but both configured
> for the same subnet. But that configuration seems to be rare and I
> cannot find documentation about it.
>
> What's your opinion?
> Many thanks, Benjamin
>
>
> ------------------------------------------------------------------------
>      To unsubscribe email security-discuss-request@linuxsecurity.com
>          with "unsubscribe" in the subject of the message.
>

------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.