Firewall Wizards mailing list archives
Classes of firewalls (based on IP utilization)
From: "list tracker" <list_tracker () hotmail com>
Date: Sun, 25 Feb 2001 10:42:59 -0000
So far, I have created the following types of firewalls:
1. One subnet (or even one IP) on the external interface, and another subnet of fake IPs on the internal, using NAT one <--> many.
2. One subnet of real IPs on the external, and one subnet of real IPs on the internal, with a next-hop route from the external subnet to the internal (said next-hop route is set up on the router the firewall connects outwards to).
I am wondering what can be done if I want to use ONLY real IPs, but I also only want to use ONE subnet. If I have a /24, with no subnets, and the router is .1, and the FW external is .2, and the FW internal is .3 and workstations are .4 - .254 ... is there a way to work this?
My thought is that a static route will have to be created on the firewall for every single workstation IP being protected.
Is this correct? Further, is it an appropriate way to solve this problem (given the constraints of no subnetting and no NAT)?
Finally, are these the only three major ways of arranging IPs for firewalling - the three ways being: NAT (one to many, or a combination of one to many and some to some), two subnets of real IPs - one announcing the next one, and what I just described: one subnet, static route for each IP on the other side of the FW.
Or are there some other, qualitatively different configurations?
Any comments, especially those on the goodness/badness of what I have proposed (one subnet, lots of static routes) are appreciated.
thanks, LT