Simon Slater: >>> When a firewall computer has 2 nics, they should be on separate >>> subnets? Yes? Tim: >> That depends on how you want to use them. If the computer sits >> *between* two networks, then yes. Aaron Konstam: > Clarification of the answer above. They can be on different LANS, but do > not have to be. I don't see how that's a clarification... NB: Simon talked about a "firewall computer." Generally (hence my "it depends"), to use a computer as a firewall, you'd put it between two networks. Which may be the ISP's and yours. Or, any two networks of any type (such as the research LAN and the cafeteria LAN, in single business). Even when you put a firewall on one computer, to protect itself from the outside, it's typically carving up the networking, albeit internally, into two halves. Outer and inner, with control between the two halves, and different rules for each. It's rather difficult, if not impossible, for a computer to act as a firewall when it's not *between* the protected network and the rest. And trying to make either side seem to be the same subnet will be an nightmarish exercise in configuration, and prone to networking errors. Don't get too hung up on the name "subnet." A subnet is a network, two subnets in a building are two networks. It's just a name used when a network is carved into separate branches. -- [tim@localhost ~]$ uname -r 2.6.27.19-78.2.30.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
