Hi Ed,
Wow... This all seems, uh, complicated. Maybe I am going about this in
the wrong way? Our existing gateway machine definitely doesn't have a
configuration this complex, especially since I don't have any control
over 141.161.185.38. What would be the best method to firewall off just
one part of a network - to have just a few servers on 141.161.111.x
behind a firewall, and all the other machines on that same network not
behind it? Am I making things too complicated here?
Ed Greshko wrote:
Ed Greshko wrote:
I wrote....
1. Assuming eth0 is the Internet facing interface you need to change
its IP address as well as its netmask.
IPADDR=141.161.111.1
NETMASK=255.255.255.252
BROADCAST=141.161.111.3
That was only an example. The important thing is that the netmask needs
to be 255.255.255.252 which gives you only 4 IP address on that
interface and of these only 2 are usable as the others are the network
address and the broadcast address.
You could have...
IPADDR=141.161.111.242 for eth0
IPADDR=141.161.111.241 for 141.161.185.38 interface
Broadcast=141.161.111.243
Network=141.161.111.240
Forgot to mention that in this case eth1 needs to be changed as well as
default gateways...but I think that was obvious. However, I forget that
what is obvious to me may not be obvious to others so it is better to
mention it....even if it is an afterthought and increases traffic. :-)
