Firewall Wizards mailing list archives
Re: Firewall Newbie Question
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Fri, 10 Dec 1999 11:28:01 -0500
On Mon, Dec 06, 1999 at 06:19:01AM -0800, Tom Gillon wrote:
> I'm putting a Ukiah Netroad firewall into my network, and I'm having some problems getting traffic into and out of my network. It seems to be a routing issue, and I was wondering if anyone had any ideas that would help me out. Here's the situation:
>
> Internet--Router A---Switch---Firewall---ATM Switch---Router B---Router C
>
> The private network consists of 4 full Class C licenses and 1 Class C that is subnetted (/26). Router C is an off-site facility that is directly connected into our network via a leased line.
>
> When I set the firewall up, I gave the private NIC an IP address of one of the full Class C networks with no gateway address, per the setup instructions. The problem I was having was that only computers on that Class C network could get Internet access. The firewall did not know about the other Class C networks. I had a static route on Router A to all of the Class C networks that pointed to the private NIC on the firewall, but computers on the other networks could not get access to the Internet.
>
> So, my main question is how do I get the firewall to know about all of the separate internal networks. Do I need a private NIC in the firewall for each network?
Each router in the series, and that includes the firewall, should know
(a) that the networks to which it is directly connected are right there, and are subnetted at (...);
(b) that the further-in networks (subnetted properly) are beyond the next router in, which should act as their "gateway";
(c) that all other networks are beyond the next router on the Internet side, which (again) should act as their "gateway".

The firewall, of course, should let _NO_ IP through, but should have any connections terminate at its proxies.

Hope this helps.

--
Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
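The routing rules (a) to (c) from the reply, as an added example that is not part of the original thread: a small longest-prefix-match model of the chain that traces packets originated by the firewall's proxies before and after the inner networks are added to its table. All addresses, the placement of networks behind Router B and Router C, and the firewall's default route in the "before" table are assumptions constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next-hop name, 'connected', or None (no route)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, start, dst, max_hops=8):
    """Walk next hops from `start` toward dst; return (path, delivered)."""
    path, dev = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[dev], dst)
        if hop is None:
            return path, False            # dropped: no route on this device
        if hop == "connected":
            return path, True             # dst is on an attached network
        path.append(hop)
        if hop not in tables:
            return path, True             # handed to a device outside the model
        dev = hop
    return path, False                    # routing loop

# Constructed addressing (assumption): 10.1.1.0/24 is the firewall's private
# network, 10.1.2-4.0/24 sit behind Router B, 10.1.5.0/26 is the Router C site.
INNER = ["10.1.2.0/24", "10.1.3.0/24", "10.1.4.0/24", "10.1.5.0/26"]
router_a = {"192.0.2.0/24": "connected", "10.1.1.0/24": "firewall",
            **{n: "firewall" for n in INNER}, "0.0.0.0/0": "internet"}
router_b = {"10.1.1.0/24": "connected", "10.1.2.0/24": "connected",
            "10.1.3.0/24": "connected", "10.1.4.0/24": "connected",
            "10.1.5.0/26": "router_c", "0.0.0.0/0": "firewall"}
router_c = {"10.1.5.0/26": "connected", "0.0.0.0/0": "router_b"}

# Before: the firewall knows only its attached networks plus a default route.
fw_before = {"192.0.2.0/24": "connected", "10.1.1.0/24": "connected",
             "0.0.0.0/0": "router_a"}
# After: (b) further-in networks via Router B, (c) everything else via Router A.
fw_after = {**fw_before, **{n: "router_b" for n in INNER}}

def build(fw):
    return {"router_a": router_a, "firewall": fw,
            "router_b": router_b, "router_c": router_c}

if __name__ == "__main__":
    for label, fw in (("before", fw_before), ("after", fw_after)):
        for dst in ("10.1.1.20", "10.1.3.20", "10.1.5.20", "198.51.100.7"):
            print(label, dst, trace(build(fw), "firewall", dst))
```

In the "before" table, packets from the firewall to a host on any network other than its own follow the default route to Router A, which sends them straight back, so only the directly attached network works; no extra NICs are needed once the static routes via Router B are present.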