[NCLUG] firewall nic config

mike cullerton michaelc at cullerton.com
Fri Apr 26 07:22:43 MDT 2002


On Thursday, April 25, 2002, at 07:37 PM, William Dan Terry wrote:

> On a firewall with one ethernet card for connecting to the LAN and 
> one connecting to the Net is there a way to set the netmask or 
> something else to split a class C so that most of the addresses are 
> on the inside and only a small number are on the outside? If not, is 
> there any reason I couldn't add 2 more NICs and at least set the 
> netmasks for the 4 NICs each have a quarter of the class C and 
> connect three to an inside hub? I've never configured a firewall 
> (ipchains) for more than 2 interfaces. Is it doable?
>

a class c (or more appropriately a /24 these days) can be split many 
ways. all 'pieces' must be of a size that is a power of 2 (ie, 
0,2,4,8,16...) and they must all start on a 'zero' boundary.

[i'll talk about this at an nclug meeting on the tcp/ip topic, 
possibly in may.]

you could break it into 0-63, 64-127 and 128-255. this would be

a.b.c.0/26   (255.255.255.192)
a.b.c.64/26  (255.255.255.192)
a.b.c.128/25 (255.255.255.128)

another option is

a.b.c.0/27    // this is 0-31   (255.255.255.224)
a.b.c.32/27   // 32-63          (255.255.255.224)
a.b.c.64/26   // 64-127         (255.255.255.192)
a.b.c.128/25  // 128-255        (255.255.255.128)

hope this helps,
mike

  -- mike cullerton
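
Added example, not part of the original message: a Python check that a proposed split of a /24 across firewall interfaces uses blocks that start on a boundary of their own size, do not overlap, and cover the whole range, run over both plans from the reply and one misaligned plan. The prefix 192.0.2.0/24 stands in for a.b.c.0/24, and the function and plan names are made up for this example.

```python
import ipaddress

def check_split(parent, blocks):
    """Validate a proposed split of `parent` into CIDR `blocks`.

    Returns (rows, problems). Each row is (cidr, netmask, first, last).
    """
    parent = ipaddress.ip_network(parent)
    rows, problems, nets = [], [], []
    for text in blocks:
        try:
            # strict=True rejects a block that does not start on a
            # multiple of its own size (host bits set in the address).
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            problems.append(f"{text}: invalid, must start on a multiple of its size")
            continue
        if not net.subnet_of(parent):
            problems.append(f"{text}: outside {parent}")
            continue
        nets.append(net)
        rows.append((str(net), str(net.netmask),
                     str(net.network_address), str(net.broadcast_address)))
    nets.sort()
    # CIDR blocks are either nested or disjoint, so after sorting any
    # overlap shows up between neighbours.
    for a, b in zip(nets, nets[1:]):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    covered = sum(n.num_addresses for n in nets)
    if not problems and covered != parent.num_addresses:
        problems.append(f"{parent.num_addresses - covered} addresses unassigned")
    return rows, problems

# Constructed sample data: 192.0.2.0/24 stands in for a.b.c.0/24.
PARENT = "192.0.2.0/24"
PLAN_A = ["192.0.2.0/26", "192.0.2.64/26", "192.0.2.128/25"]
PLAN_B = ["192.0.2.0/27", "192.0.2.32/27", "192.0.2.64/26", "192.0.2.128/25"]
BAD = ["192.0.2.0/27", "192.0.2.32/26", "192.0.2.128/25"]  # /26 at .32

if __name__ == "__main__":
    for name, plan in (("A", PLAN_A), ("B", PLAN_B), ("bad", BAD)):
        rows, problems = check_split(PARENT, plan)
        print(f"plan {name}:")
        for cidr, mask, first, last in rows:
            print(f"  {cidr:<18} {mask:<16} {first} - {last}")
        for p in problems:
            print(f"  PROBLEM: {p}")
```
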



