Why don't you subdivide your class C?

[ internet ]---nic1[ Firewall ]nic2---[ your hub ]---nicX[ your servers ]

Let's suppose your class C is: 222.222.222.000/24

nic1 could be 222.222.222.1/25
  (network 222.222.222.0, netmask 255.255.255.128, broadcast 222.222.222.127)
nic2 could be 222.222.222.129/25
nicX could be 222.222.222.[130-254]/25
  (network 222.222.222.128, netmask 255.255.255.128, broadcast 222.222.255)

Note1: A couple of years ago a professor said that some old routers can't handle this subdivision because of the first network (222.222.222.0). I've never seen a router that can't work with it. Does anyone have any information about this?

Note2: You will lose 125 IPs in the first network if you don't have any other machine in it.

And sorry if it's not what you wanted.

Bruno Gimenes Pereti.

----- Original Message -----
From: "Benjamin Stocker" <bstocker@media-plus.ch>
To: <security-discuss@linuxsecurity.com>
Sent: Tuesday, November 27, 2001 1:53 PM
Subject: Linux Firewall

>
> Hi all,
>
> I maintain a small Hosting center with 6 webservers, fax, pop3-mail,
> etc. I only have one C Subnet! I would like to protect my servers with an
> iptables firewall. Unfortunately, it seems to be odd to put the fw AND
> the servers in the same subnet.
>
> It seems to be possible to install two NICs in the firewall and point
> one of them to the Net, the other to the webservers, but both configured
> for the same subnet. But that configuration seems to be rare and I
> cannot find documentation about it.
>
> What's your opinion?
> Many thanks, Benjamin
>
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
> ------------------------------------------------------------------------
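
The /25 split proposed in the reply above, checked with Python's ipaddress module. This is an added example, not part of the original thread; the function names and the sample server "web1" are assumptions made for illustration.

```python
import ipaddress

def plan_split(block, hosts):
    """Split `block` into two equal subnets and place each named address in one.

    Raises ValueError when an address lies outside the block or is a subnet's
    network or broadcast address, which cannot be assigned to an interface.
    """
    halves = ipaddress.ip_network(block).subnets(prefixlen_diff=1)
    plan = [{"network": n, "netmask": n.netmask,
             "broadcast": n.broadcast_address,
             "usable": n.num_addresses - 2, "members": {}} for n in halves]
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        for entry in plan:
            net = entry["network"]
            if ip in net:
                if ip in (net.network_address, net.broadcast_address):
                    raise ValueError(f"{name}: {ip} is reserved in {net}")
                entry["members"][name] = ip
                break
        else:
            raise ValueError(f"{name}: {ip} is outside {block}")
    for entry in plan:
        # Addresses left idle in this half (the "lost" IPs of Note2).
        entry["unused"] = entry["usable"] - len(entry["members"])
    return plan

def firewall_separates(plan, outside_nic, inside_nic):
    """True when the two firewall NICs sit in different subnets (routed setup)."""
    where = {name: i for i, e in enumerate(plan) for name in e["members"]}
    return where[outside_nic] != where[inside_nic]

# nic1/nic2 are the addresses from the reply; "web1" is a constructed sample
# server taken from the 130-254 range given for nicX.
HOSTS = {"nic1": "222.222.222.1", "nic2": "222.222.222.129",
         "web1": "222.222.222.130"}

if __name__ == "__main__":
    plan = plan_split("222.222.222.0/24", HOSTS)
    for e in plan:
        print(e["network"], e["netmask"], e["broadcast"],
              "unused:", e["unused"], sorted(e["members"]))
    print("firewall NICs in different subnets:",
          firewall_separates(plan, "nic1", "nic2"))
```
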