[NCLUG] Re: firewall nic config

William Dan Terry william.terry at knotworks.com
Sat Apr 27 11:54:34 MDT 2002


> Message: 3
> Date: Fri, 26 Apr 2002 07:22:43 -0600
> Subject: Re: [NCLUG] firewall nic config
> From: mike cullerton <michaelc at cullerton.com>
> To: nclug at nclug.org
> Reply-To: nclug at nclug.org
> 
> 
> On Thursday, April 25, 2002, at 07:37 PM, William Dan Terry wrote:
> 
> > On a firewall with one ethernet card for connecting to the LAN and 
> > one connecting to the Net is there a way to set the netmask or 
> > something else to split a class C so that most of the addresses are 
> > on the inside and only a small number are on the outside? If not, is 
> > there any reason I couldn't add 2 more NICs and at least set the 
> > netmasks for the 4 NICs each have a quarter of the class C and 
> > connect three to an inside hub? I've never configured a firewall 
> > (ipchains) for more than 2 interfaces. Is it doable?
> >
> 
> a class c (or more appropriately a /24 these days) can be split many 
> ways. all 'pieces' must be of a size that is a power of 2 (ie, 
> 0,2,4,8,16...) and they must all start on a 'zero' boundary.
> 
> [i'll talk about this at an nclug meeting on the tcp/ip topic, 
> possibly in may.]
> 
> you could break it into 0-63, 64-127 and 128-255. this would be
> 
> a.b.c.0/26   (255.255.255.192)
> a.b.c.64/26  (255.255.255.192)
> a.b.c.128/25 (255.255.255.128)
> 
> another option is
> 
> a.b.c.0/27    // this is 0-31   (255.255.255.224)
> a.b.c.32/27   // 32-63          (255.255.255.224)
> a.b.c.64/26   // 64-127         (255.255.255.192)
> a.b.c.128/25  // 128-255        (255.255.255.128)
> 
> hope this helps,

Helps a lot if I can get ipchains to consider one NIC as outside and the rest as inside. That's what I'm not sure of. Is this possible?

In my case I'd be doing
0/25
128/26
192/27
224/27
as my router/gateway to the world is .254

Peace, William

___________W__i__l__l__i__a__m_____D__a__n_____T__e__r__r__y___________
How do we acquire wisdom along with all these shiny things? -David Brin

    PGP public key:     http://www.knotworks.com/wdt_pgp_pubkey.asc
    fingerprint:   DC 80 E4 18 E2 CB AC F4  8C 59 9B 9C BB A2 D7 4B
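
An added example, not part of the original messages: a Python check of the split plans from this thread using the standard ipaddress module, confirming each piece starts on its own size boundary, that nothing overlaps or is left out, and which piece holds the .254 gateway and so becomes the outside segment. 192.0.2.0/24 is a constructed stand-in for a.b.c.0/24, and the function and constant names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the a.b.c.0/24 block in the thread.
BASE = ipaddress.ip_network("192.0.2.0/24")

# (last octet of network address, prefix length), as written in the messages.
MIKE_PLAN_A = [(0, 26), (64, 26), (128, 25)]
MIKE_PLAN_B = [(0, 27), (32, 27), (64, 26), (128, 25)]
WILLIAM_PLAN = [(0, 25), (128, 26), (192, 27), (224, 27)]


def check_split(pieces, base=BASE):
    """Return the sorted networks if the pieces are aligned, lie inside
    base, do not overlap and cover it completely; else raise ValueError."""
    nets = []
    for start, plen in pieces:
        addr = base.network_address + start
        # strict=True rejects a start that is not a multiple of the piece size
        net = ipaddress.ip_network(f"{addr}/{plen}", strict=True)
        if not net.subnet_of(base):
            raise ValueError(f"{net} is outside {base}")
        nets.append(net)
    nets.sort()
    # For CIDR blocks sorted by address, checking neighbours is sufficient.
    for a, b in zip(nets, nets[1:]):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")
    if sum(n.num_addresses for n in nets) != base.num_addresses:
        raise ValueError("pieces do not cover the whole block")
    return nets


def segment_of(nets, last_octet, base=BASE):
    """Return the piece that contains the host with this last octet."""
    host = base.network_address + last_octet
    return next(n for n in nets if host in n)


if __name__ == "__main__":
    nets = check_split(WILLIAM_PLAN)
    outside = segment_of(nets, 254)  # the router/gateway is .254
    for n in nets:
        side = "outside" if n == outside else "inside"
        print(f"{n}  netmask {n.netmask}  {side}")
```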


