[NCLUG] firewall nic config
mike cullerton
michaelc at cullerton.com
Fri Apr 26 07:22:43 MDT 2002
On Thursday, April 25, 2002, at 07:37 PM, William Dan Terry wrote:
> On a firewall with one ethernet card for connecting to the LAN and
> one connecting to the Net is there a way to set the netmask or
> something else to split a class C so that most of the addresses are
> on the inside and only a small number are on the outside? If not, is
> there any reason I couldn't add 2 more NICs and at least set the
> netmasks for the 4 NICs each have a quarter of the class C and
> connect three to an inside hub? I've never configured a firewall
> (ipchains) for more than 2 interfaces. Is it doable?
>
a class c (or more appropriately a /24 these days) can be split many
ways. all 'pieces' must be of a size that is a power of 2 (ie,
0,2,4,8,16...) and they must all start on a 'zero' boundary.
[i'll talk about this at an nclug meeting on the tcp/ip topic,
possibly in may.]
you could break it into 0-63, 64-127 and 128-255. this would be
a.b.c.0/26 (255.255.255.192)
a.b.c.64/26 (255.255.255.192)
a.b.c.128/25 (255.255.255.128)
another option is
a.b.c.0/27 // this is 0-31 (255.255.255.224)
a.b.c.32/27 // 32-63 (255.255.255.224)
a.b.c.64/26 // 64-127 (255.255.255.192)
a.b.c.128/25 // 128-255 (255.255.255.128)
hope this helps,
mike
-- mike cullerton
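
The split rule from the reply above (each piece a power-of-two size, starting on a multiple of that size), as an added example that is not part of the original post. It uses 192.0.2.0/24 as a constructed stand-in for a.b.c.0/24, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the poster's a.b.c.0/24 (documentation prefix).
PARENT = ipaddress.ip_network("192.0.2.0/24")


def range_to_subnet(first, last, parent=PARENT):
    """Turn a last-octet range such as 64-127 into a subnet of `parent`.

    Raises ValueError when the range cannot be expressed by one netmask.
    """
    size = last - first + 1
    if size < 1 or size & (size - 1):
        raise ValueError(f"{first}-{last}: size {size} is not a power of 2")
    if first % size:
        raise ValueError(f"{first}-{last}: start is not a multiple of {size}")
    prefix = parent.max_prefixlen - (size.bit_length() - 1)
    net = ipaddress.ip_network((int(parent.network_address) + first, prefix))
    if not net.subnet_of(parent):
        raise ValueError(f"{first}-{last}: outside {parent}")
    return net


def check_plan(ranges, parent=PARENT):
    """Validate a whole split: every piece legal, no overlaps, no gaps."""
    nets = sorted(range_to_subnet(a, b, parent) for a, b in ranges)
    # After sorting, any overlap shows up between neighbours.
    for left, right in zip(nets, nets[1:]):
        if left.overlaps(right):
            raise ValueError(f"{left} overlaps {right}")
    covered = sum(n.num_addresses for n in nets)
    if covered != parent.num_addresses:
        raise ValueError(f"plan covers {covered} of {parent.num_addresses}")
    return [(str(n), str(n.netmask)) for n in nets]


if __name__ == "__main__":
    # The two splits listed in the reply.
    for plan in ([(0, 63), (64, 127), (128, 255)],
                 [(0, 31), (32, 63), (64, 127), (128, 255)]):
        for cidr, mask in check_plan(plan):
            print(f"{cidr:18} {mask}")
        print()
    # Ranges that no single netmask can describe.
    for bad in [(0, 95), (32, 95)]:
        try:
            range_to_subnet(*bad)
        except ValueError as err:
            print("rejected:", err)
```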