[Shorewall-newbies] One range and 2 network adapters

Tom Eastep teastep at shorewall.net
Fri Feb 13 15:52:11 PST 2004


On Friday 13 February 2004 02:52 pm, Tom Eastep wrote:
> On Friday 13 February 2004 11:40 am, mollo wrote:
> > Hello List,
> >
> > This is surely not a Shorewall issue, but permit me to post my problem.
> >
> > Assume my ISP gave me 32 IPs: 195.1.1.96/27.
> >
> > I have _no_ other IPs, like a DSL router in another network!
> >
> > Address:   195.1.1.96
> > Netmask:   255.255.255.224 = 27
> > Wildcard:  0.0.0.31
> > =>
> > Network:   195.1.1.96/27          (Class C)
> > Broadcast: 195.1.1.127
> > HostMin:   195.1.1.97
> > HostMax:   195.1.1.126
> > Hosts/Net: 30
> >
> > I would set up a 3-card firewall:
> >
> > eth0: 192.1.1.98   (net)
> >
> > eth1: 192.1.1.99   (dmz)
> >
> > eth2: 192.168.x.x  (loc)
> >
> > What's the way to have correct routing between eth0 and eth1 without
> > splitting into subranges? If there is a solution.
> >
> > If I define my cards as follows:
> >
> > eth0: 192.1.1.98/27 gateway .97
>
> No -- 192.168.1.98/32 gateway .97 and add a host route to .97.
>
> > eth1: 192.1.1.99/27 gateway .98
>

Also, no need to define a gateway on that interface. Hosts in your DMZ will 
use .99 as their gateway.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep at shorewall.net
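
The routing effect of the advice in this thread, as an added example that is not part of the original messages: a small longest-prefix-match model comparing "both interfaces configured as /27" with "eth0 as /32 plus a host route to .97". It assumes the interface addresses come from the 195.1.1.96/27 allocation named in the question; the tables, the function name and the test addresses are constructed for illustration, and first-listed-wins for equal prefixes is a simplification of the model.

```python
import ipaddress

def lookup(table, dst):
    """Return (device, next_hop) for dst using longest-prefix match.

    Model assumption: when two routes have the same prefix length,
    the one listed first is used and the other is never consulted.
    """
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev, via in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return None if best is None else (best[1], best[2])

# Constructed table: eth0 = .98/27 and eth1 = .99/27, as first proposed.
# Each /27 address installs a connected route for the same network.
BOTH_27 = [
    ("195.1.1.96/27", "eth0", None),
    ("195.1.1.96/27", "eth1", None),
    ("0.0.0.0/0", "eth0", "195.1.1.97"),
]

# Constructed table: eth0 = .98/32 with a host route to .97,
# eth1 = .99/27 with no gateway defined on it, as advised in the reply.
ADVISED = [
    ("195.1.1.97/32", "eth0", None),   # host route to the ISP gateway
    ("195.1.1.96/27", "eth1", None),   # whole range is reached via the DMZ
    ("0.0.0.0/0", "eth0", "195.1.1.97"),
]

def compare(dst):
    """Show where each layout sends a packet for dst."""
    return {"both_27": lookup(BOTH_27, dst), "advised": lookup(ADVISED, dst)}

if __name__ == "__main__":
    # DMZ host, ISP gateway, and an outside address (documentation range)
    for dst in ("195.1.1.100", "195.1.1.97", "198.51.100.7"):
        print(dst, compare(dst))
```

With two identical /27 connected routes the DMZ host is looked for on eth0; with the /32 layout only .97 is treated as on-link on eth0 and the rest of the range leaves through eth1.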