S.O.S -- Firewall Setup Plan
Wed, 25 Jul 2001 15:09:51 -0400
Thanks for your suggestion. But, because I have 32 real ip addresses and 15
workstations, 4 servers (web, mail, DNS) in my local network.
I wondered how i can build a firewall in front of my network with all 'real'
ip addresses? The reason is that i host 50 around web sites with 20 ip
addresses and i don't want to change any address for them...
----- Original Message -----
From: Nigel Morse <N.Morse@hyperknowledge.com>
To: 'lee' <email@example.com>; <firstname.lastname@example.org>
Sent: Wednesday, July 25, 2001 3:50 AM
Subject: RE: S.O.S -- Firewall Setup Plan
> The problem is that subnetting gets tricky if your not just spliting in
> , and you lose some address when you do that.
> The best option is to use internal (192.168.1.x) addresses and have the
> firewall do simple SNAT for you. Any machines that then need to be exposed
> (eg web servers and mail) you can add more NAT rules and IP aliases. This
> means that only boxes you want are exposed and all the others look like
> connections come from the firewall.
> Another option (which I'm going to try) is 1-1 NAT, i.e. have the firewall
> NAT 1.2.3.x to 192.168.1.x where x is the host number in both prerouting
> and postrouting (you can use the NETMAP patch for this). Also you need to
> have the firewall respond to ARP requests for the internal boxes by adding
> aliases to the right network interface. To the outside you then appear to
> have a normal network on normal address. This is slightly more insecure,
> all the boxes are "exposed" but if the firewall design is good then it
> shouldn't be too bad.
> -----Original Message-----
> From: lee [mailto:email@example.com]
> Sent: 24 July 2001 21:36
> To: firstname.lastname@example.org
> Subject: S.O.S -- Firewall Setup Plan
> I need to build a firewall as soon as posible. But, I've got a big
> In my company, we have 32 IP addresses (actually is only 29) in network
> and one cisco router to pass through our internet traffic.
> I plan to put a unix system's firewall in my local network to protect
> several servers. But I don't know how to configuire my network. Should i
> need to make subnet for my IP addresses or i can use same IP range IP
> address for both devices on my firewall....
> The skeme is below:
> ------------- ------------- ----------------------
> | Router | ------ | Firewall | -------| Local Network|
> ------------- -------------- ----------------------