split a network

Nevo Hed Nevo@aviancommunications.com
Thu, 19 Jul 2001 16:10:03 -0400 

You should really avoid using .127 and .128 themselves
it will break some stuff as these will be the broadcats address of your
loawer and
network address of your upper networks.

Also -=20
Did you really mean that 168.0.1.X is a private address ?
The term private usually means that it is one of RFC1918 addresses
     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

If your ISP assigned an address to you or you own it and its valid for
use
on the net than it is a public address

and that aside ... if slicing it in the middle is not good for you
because you=20
end up wasting too many addresses on either half then you can create a
net with=20
a bigger mask and longest-prefix match should take care of the routing
side


> -----Original Message-----
> From: Antony Stone [mailto:Antony@Soft-Solutions.co.uk]
> Sent: Thursday, July 19, 2001 8:45 AM
> To: netfilter@lists.samba.org
> Subject: Re: split a network
>=20
>=20
> On 19 Jul 01 at 13:21, MANUEL GARCIA-CERVIGON wrote:
>=20
> > Hello,
> > Right now, I we have a Firewall to prevent hacking from my=20
> network wich has
> > servers and pc with private IP=B4s.(168.0.1.X) I would like=20
> to create a DMZ=20
> > without changing any IP. Does anyone Know how to split my=20
> actual Network
> > into a DMZ and a MZ?
>=20
> What range of X are your current machines using ?
>=20
> If everything's currently between 1 and 127, for example, you=20
> could split the=20
> network into two "half class C's" with a netmask of=20
> 255.255.255.128 instead=20
> of the usual 255.255.255.0
>=20
> If currently-used addresses exist both below and above 128,=20
> you'd need to do=20
> something a bit more complicated like having three network=20
> ranges using a=20
> netmask of 255.255.255.192 on the same cable segment (they=20
> can communicate=20
> with each through the the single firewall interface) and the other=20
> 255.255.255.192 network (64 addresses) as your DMZ...
>=20
> Hope this helps,
>=20
>=20
> Antony.
>=20
>=20