Re: firewall ??


 



On Thu, 2004-07-08 at 14:12, Bobby Knueven wrote:
> Still a little confused on firewalls. Here's my situation (more detail 
> this time).
> 
> I am assigned a block of IP addresses from the Office of Information 
> Tech. at our University. Along with this block of IP's come the DNS 
> servers I have to use and the Default Gateway. Everything else, DHCP, 
> File server, webserver is up to me to provide. I need to build a 
> firewall that will allow my current block of addresses (class B), which 
> are assigned to my network from a DHCP server that is on my 
> network to access the net while providing a secure environment. Since I 
> have a substantial amount of addresses I do not need NAT to use 192's, 
> etc... Where my confusion comes in is the fact that I am already 
> assigned a default gateway on my network. Is it possible to apply a 
> firewall with Internet connection sharing that acts as a new default 
> gateway for my internal network while the firewall would still use the 
> Default Gateway assigned to me? How would I go about sharing that 
> connection without using NAT? Or should I just build a bridging 
> firewall? I am hesitant about a bridging firewall because it seems that 
> it would need to be fairly speedy to keep up with our network traffic. 
> Any recommendations would be appreciated. Thanks.
> 
> Bobby Knueven
> 

You will need to subnet your class B.  You can set up a firewall
connecting to the gateway they provide using a small portion of the
address space they allocated to you.  The remainder of the address space
will be behind your firewall for all of the equipment on your network.

In order to do this you will coordinate with your campus network admin
so he can configure his gateway's interface to match the subnet you
set up.  He will also put routing table entries in his routing table to
direct all traffic to the address range allocated to you to your
firewall.

For example if you were allocated a 172.30.0.0/16 address space you can
subnet 172.30.0.0/30 which means you would have two hosts available
172.30.0.1 and 172.30.0.2 which would be assigned one to your firewall
and one to your campus gateway.  The remaining address space can be
broken up into a series of 24 bit networks such as 172.30.1.0/24,
172.30.2.0/24, etc.  You can create larger subnets if you need them.

Read up on subnetting and get a good understanding of it.  Sounds like
you will be using it a lot.  :)

One caveat in my example, I am assuming your routers have zero subnet
enabled.  If not you will need to use 172.30.0.4/30 which would have
172.30.0.5 and 172.30.0.6 as valid hosts.

 
-- 
Scot L. Harris
webid@xxxxxxxxxx

The decision doesn't have to be logical; it was unanimous. 
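
The addressing plan described in this reply, worked through with Python's `ipaddress` module (an added example, not part of the original message). The helper names `plan` and `locate`, the choice of which /30 host goes to the gateway and which to the firewall, and the firewall's default route are assumptions; 172.30.0.0/16 is the example block from the reply.

```python
import ipaddress

def plan(block, subnet_zero=True, lan_prefix=24):
    """Carve one /30 transit link out of `block`; the rest becomes LAN subnets."""
    net = ipaddress.ip_network(block)
    thirties = net.subnets(new_prefix=30)
    transit = next(thirties)            # zero subnet, e.g. 172.30.0.0/30
    if not subnet_zero:
        transit = next(thirties)        # next /30 up, e.g. 172.30.0.4/30
    # Assumption: lower usable host -> campus gateway, upper -> firewall.
    gateway_ip, firewall_ip = transit.hosts()
    # Every lan_prefix-sized piece that does not contain the transit link
    # stays behind the firewall.
    lans = [n for n in net.subnets(new_prefix=lan_prefix)
            if not n.overlaps(transit)]
    return {
        "block": net,
        "transit": transit,
        "gateway_ip": gateway_ip,
        "firewall_ip": firewall_ip,
        "lans": lans,
        # Route the campus admin adds: whole allocation via the firewall.
        "campus_route": (net, firewall_ip),
        # Assumed route on the firewall: everything else via the gateway.
        "firewall_default": (ipaddress.ip_network("0.0.0.0/0"), gateway_ip),
    }

def locate(p, addr):
    """Say where an address sits in the plan, to catch misplaced hosts."""
    ip = ipaddress.ip_address(addr)
    if ip not in p["block"]:
        return "outside allocation"
    if ip in p["transit"]:
        return "transit"
    for lan in p["lans"]:
        if ip in lan:
            return str(lan)
    return "unassigned"   # inside the piece that was given up for the /30

if __name__ == "__main__":
    for zero in (True, False):
        p = plan("172.30.0.0/16", subnet_zero=zero)
        print("transit", p["transit"], "gateway", p["gateway_ip"],
              "firewall", p["firewall_ip"])
        print("  first LANs:", ", ".join(str(n) for n in p["lans"][:3]),
              "... total", len(p["lans"]))
        dest, hop = p["campus_route"]
        print("  campus route:", dest, "via", hop)
```

An address that `locate` reports as "unassigned" lies in the first /24, which holds the transit /30 and is not offered as a LAN in this plan.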


