RE: IP addressing on firewall
Hi Ronneil,

First post here, hope it's accurate! Yes, this should be correct, at least
with NT. Once you turn on IP forwarding on your firewall, each interface
knows about the other interfaces, and the networks directly available through
them (using the subnet mask). The interfaces do not need default gateways to
do this, and in fact using default gateways which refer to the other
interfaces will mess up IP routing on the box.

However, your external interface does need to know how to get to the next hop,
and will therefore require a default gateway.

For more info:
http://www.phoneboy.com/fw1/

- Barry
-----Original Message-----
From: Ronneil Camara [mailto:ronneilc@oneconsulting.com]
Sent: Wednesday, August 16, 2000 10:21 AM
To: 'firewalls@Lists.GNAC.NET'
Subject: RE: IP addressing on firewall
Hi Tobias,
Looks like you misunderstood my POST. I wasn't talking about the host on my
private net, I was talking about the firewall config. Of course, the gateway
ip address that I should put on my host on my private net is 172.16.1.1.
Suppose we have the following config:
e0 = 172.16.1.1
e1 = 172.16.1.5
e2 = 222.2.2.2
router lan = 222.2.2.1
                                                   __  __  __
                   .------.                       /  \/  \/  \
private----------e0|  FW  |e2-----> router------>|  Internet  |
172.16.1.x/24      |      |        222.2.2.1      \__/\__/\__/
                   `------'
                      e1
                      | DMZ
                      | 172.16.1.x/24
                      v
                http/dns/smtp
                   servers
As far as I know, the e2 should have the gateway address set to 222.2.2.1.
Am I right?
--
      .-------------------------------------------------------.
 .^.  | Ronneil Camara,    | ronneil.camara@oneconsulting.com |
 /V\  |--------------------| +632 6354086 +63917 5326993      |
// \\ | "The only way to   `----------------------------------|
/( )\ | stop a hacker is to think like one."                  |
^^-^^ |                          ...brilliant misguided youth |
      `-------------------------------------------------------'
> -----Original Message-----
> From: Reckhard, Tobias [mailto:Reckhard@secunet.de]
> Sent: Wednesday, August 16, 2000 5:08 PM
> To: 'Ronneil Camara'; 'firewalls@Lists.GNAC.NET'
> Subject: RE: IP addressing on firewall
>
>
> Wrong. The 'firewall' is the default gateway of the hosts on the
> private net and in the DMZ. Unless you've got a layer 2 firewall
> (no, you most probably don't).
>
> Regards
> Tobias Reckhard
> secunet
> Security Networks AG Tel : +49(6196)95888-42
> Mergenthalerallee 77 Fax : +49(6196)95888-88
> D-65760 Eschborn E-Mail: reckhard@secunet.de
>
> > -----Original Message-----
> > From: Ronneil Camara [SMTP:ronneilc@oneconsulting.com]
> > Sent: Wednesday, August 16, 2000 9:58 AM
> > To: 'firewalls@Lists.GNAC.NET'
> > Subject: RE: IP addressing on firewall
> >
> > Since we're talking of the firewall which implements DMZ, only the
> > interface that is exposed to the internet should have a gateway and
> > that gateway should have the ip address of the router facing the
> > internet also. I don't need to put any gateway ip address on the
> > private and dmz lan cards, right?
> >
> > Ronneil
> > -
> > [To unsubscribe, send mail to majordomo@lists.gnac.net with
> > "unsubscribe firewalls" in the body of the message.]
>
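
Added example (not from any poster in this thread): a small Python check of the rule Barry describes, that only the external interface carries a default gateway and that no gateway refers to another of the firewall's interfaces. The function name, the /24 mask on e2, the BAD_CONFIG values and the finding texts are assumptions; it also flags connected networks that overlap, as e0 and e1 do in the posted configuration, because forwarding by subnet mask needs each interface to own a distinct network.

```python
import ipaddress

def check_firewall_gateways(interfaces, external):
    """interfaces: {name: {"addr": "a.b.c.d/len", "gateway": str or None}}.
    Returns a list of (interface, problem) findings; empty means clean."""
    findings = []
    ifaces = {n: ipaddress.ip_interface(c["addr"]) for n, c in interfaces.items()}
    own_ips = {i.ip for i in ifaces.values()}

    for name, cfg in interfaces.items():
        gw = cfg.get("gateway")
        if name != external:
            # Internal/DMZ interfaces reach their networks by subnet mask alone.
            if gw and ipaddress.ip_address(gw) in own_ips:
                findings.append((name, "default gateway points at another interface of the firewall"))
            elif gw:
                findings.append((name, "default gateway set on non-external interface"))
            continue
        if not gw:
            findings.append((name, "external interface has no default gateway"))
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip in own_ips:
            findings.append((name, "default gateway is one of the firewall's own addresses"))
        elif gw_ip not in ifaces[name].network:
            findings.append((name, "default gateway is not on the interface's subnet"))

    # Each interface must own a distinct connected network for forwarding to work.
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append((a + "/" + b, "connected networks overlap"))
    return findings

# Configuration as posted in the thread; the /24 on e2 is an assumption.
THREAD_CONFIG = {
    "e0": {"addr": "172.16.1.1/24", "gateway": None},
    "e1": {"addr": "172.16.1.5/24", "gateway": None},
    "e2": {"addr": "222.2.2.2/24", "gateway": "222.2.2.1"},
}
# Constructed counter-example: DMZ moved to its own subnet, gateways misplaced.
BAD_CONFIG = {
    "e0": {"addr": "172.16.1.1/24", "gateway": None},
    "e1": {"addr": "172.16.2.1/24", "gateway": "172.16.1.1"},
    "e2": {"addr": "222.2.2.2/24", "gateway": None},
}

if __name__ == "__main__":
    for label, cfg in (("thread", THREAD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, check_firewall_gateways(cfg, external="e2"))
```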