[NCLUG] firewall nic config
mike cullerton
michaelc at cullerton.com
Fri Apr 26 07:25:33 MDT 2002
On Thursday, April 25, 2002, at 07:54 PM, Matthew Wilcox wrote:
> On Thu, Apr 25, 2002 at 07:37:44PM -0600, William Dan Terry wrote:
>> On a firewall with one ethernet card for connecting to the LAN and
>> one connecting to the Net is there a way to set the netmask or
>> something else to split a class C so that most of the addresses are
>> on the inside and only a small number are on the outside? If not,
>> is there any reason I couldn't add 2 more NICs and at least set the
>> netmasks for the 4 NICs each have a quarter of the class C and
>> connect three to an inside hub? I've never configured a firewall
>> (ipchains) for more than 2 interfaces. Is it doable?
>
> Could you word-wrap please? It makes your text easier to read.
>
> Really, this is not a good idea, and if the hosts inside aren't
> reachable
> from the outside at all, use the private address ranges (192.168/16,
> 172.16/12, 10/8).
not sure i agree here. there are plenty of valid reasons to have
'real' ip addresses on a lan, and subnetting is as normal as it gets
with tcp/ip these days.
did i not understand what you meant?
mike
-- mike cullerton
More information about the NCLUG
mailing list