Date:      Thu, 4 Nov 1999 10:19:34 -0800 (PST)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        danderse@cs.utah.edu (David G Andersen)
Cc:        scott@computeralt.com (Scott I. Remick), freebsd-security@FreeBSD.ORG
Subject:   Re: Firewall questions
Message-ID:  <199911041819.KAA50123@gndrsh.dnsmgr.net>
In-Reply-To: <199911041525.IAA06533@faith.cs.utah.edu> from David G Andersen at "Nov 4, 1999 08:25:32 am"

> > 4) How do I properly set up routes for a dual-homed firewall where both 
> > sides are within the same class C?  This is the first time I've ever had to 
> > play with routing and gateways.
> 
>   Subnet them into /25's, or use RFC1918 addresses on the inside.

Variable length subnet them into a /30 between the firewall and the
outside router, use the rest inside.  I generally don't put more
than 32 or 64 IPs on one ethernet segment and don't use proxy arp
or number virtuals (see ARIN guidelines on IP space usage).

ifconfig_ed0="inet A.B.C.2 netmask 0xfffffffc"
ifconfig_ed1="inet A.B.C.33 netmask 0xffffffe0"

You can use the rest by routing them off someplace else later.  You should also
really do a proper IP space plan... 



-- 
Rod Grimes - KD7CAX @ CN85sl - (RWG25)               rgrimes@gndrsh.dnsmgr.net
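
The split described in the message above, worked through as an added example (not part of the original e-mail): it checks that each interface's hex netmask is contiguous, that the subnets sit inside the block without overlapping, and lists the space left to route elsewhere later. The block 192.0.2.0/24 is a documentation range standing in for A.B.C.0/24, and the function names are hypothetical.

```python
import ipaddress

def hexmask_to_prefix(hexmask):
    """Convert an ifconfig-style hex netmask (e.g. 0xfffffffc) to a prefix length."""
    inverted = int(hexmask, 16) ^ 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous netmask: " + hexmask)
    return 32 - inverted.bit_length()

def plan(block, interfaces):
    """Return (subnets, free): each interface's subnet and the unallocated blocks."""
    block = ipaddress.ip_network(block)
    subnets = {}
    for name, (addr, hexmask) in interfaces.items():
        iface = ipaddress.ip_interface(f"{addr}/{hexmask_to_prefix(hexmask)}")
        net = iface.network
        if not net.subnet_of(block):
            raise ValueError(f"{name}: {net} is outside {block}")
        if iface.ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{name}: {iface.ip} is not a host address in {net}")
        for other_name, other in subnets.items():
            if net.overlaps(other):
                raise ValueError(f"{name}: {net} overlaps {other_name} ({other})")
        subnets[name] = net
    # Carve the allocated subnets out of the block; the remainder stays unassigned.
    free = [block]
    for net in subnets.values():
        remaining = []
        for candidate in free:
            if net.subnet_of(candidate):
                remaining.extend(candidate.address_exclude(net))
            else:
                remaining.append(candidate)
        free = remaining
    return subnets, sorted(free)

# Constructed sample: the two rc.conf lines from the message, with
# 192.0.2 substituted for A.B.C (assumption for illustration).
SAMPLE = {
    "ed0": ("192.0.2.2", "0xfffffffc"),   # /30 link to the outside router
    "ed1": ("192.0.2.33", "0xffffffe0"),  # /27 inside segment
}

if __name__ == "__main__":
    subnets, free = plan("192.0.2.0/24", SAMPLE)
    for name, net in subnets.items():
        print(f"{name}: {net} ({net.num_addresses - 2} usable hosts)")
    print("unallocated:", ", ".join(str(n) for n in free))
```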