Firewall Wizards mailing list archives

Re: Firewall Newbie Question


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Fri, 10 Dec 1999 11:28:01 -0500

On Mon, Dec 06, 1999 at 06:19:01AM -0800, Tom Gillon wrote:
> I'm putting a Ukiah Netroad firewall into my network, and I'm having some 
> problems getting traffic into and out of my network.  It seems to be a 
> routing issue, and I was wondering if anyone had any ideas that would help 
> me out.
> 
> Here's the situation:
> 
> Internet--Router A---Switch---Firewall---ATM Switch---Router B---Router C
> 
> The private network consists of 4 full Class C licenses and 1 Class C that 
> is subnetted (/26).  Router C is an off-site facility that is directly 
> connected into our network via a leased line.
> 
> When I set the firewall up, I gave the private NIC an IP address of one of 
> the full Class C networks with no gateway address, per the setup 
> instructions.  The problem I was having was that only computers on that 
> Class C network could get Internet access.  The firewall did not know about 
> the other Class C networks.  I had a static route on Router A to all of the 
> Class C networks that pointed to the private NIC on the firewall, but 
> computers on the other networks could not get access to the Internet.
> 
> So, my main question is how do I get the firewall to know about all of the 
> separate internal networks.  Do I need a private NIC in the firewall for 
> each network?

Each router in the series, and that includes the firewall, should know
        (a) that the networks to which it is directly connected are
            right there, and are subnetted at (...);
        (b) that the further-in networks (subnetted properly) are beyond
            the next router in, which should act as their "gateway";
        (c) that all other networks are beyond the next router on the
            Internet side, which (again) should act as their "gateway".

The firewall, of course, should let _NO_ IP through, but should have any
connections terminate at its proxies.

Hope this helps.

-- 
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
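The three route classes in Joe's reply, as an added example that is not part of the thread: a small Python model of the firewall's static route table using constructed placeholder prefixes (the thread names the topology but no addresses), comparing the poster's original table, which lacks routes for the further-in networks, with one that has them.

```python
"""Static-route model for the firewall in the thread above.

All addresses are constructed placeholders; the message gives no real
prefixes or next hops. Constructed layout:
  outside NIC : 198.51.100.2/29, Router A at 198.51.100.1
  inside NIC  : 10.1.0.1/24 (one full Class C), Router B at 10.1.0.2
  further in  : 10.2.0.0/24, 10.3.0.0/24, 10.4.0.0/24 (the other full Class Cs)
                10.5.0.0/26 and 10.5.0.64/26 (the subnetted Class C)
"""
import ipaddress

ROUTER_A = "198.51.100.1"   # next router on the Internet side
ROUTER_B = "10.1.0.2"       # next router in, across the ATM switch


def build_table(include_inner_routes: bool):
    """Return the firewall's route table as (prefix, next_hop) pairs.

    include_inner_routes=False reproduces the poster's setup: the firewall
    knows only its directly connected nets plus a default to Router A.
    """
    table = [
        # (a) directly connected networks: no next hop, deliver on the NIC
        (ipaddress.ip_network("198.51.100.0/29"), "connected:outside"),
        (ipaddress.ip_network("10.1.0.0/24"), "connected:inside"),
        # (c) all other networks: beyond the next router on the Internet side
        (ipaddress.ip_network("0.0.0.0/0"), ROUTER_A),
    ]
    if include_inner_routes:
        # (b) further-in networks, subnetted properly, beyond Router B
        for prefix in ("10.2.0.0/24", "10.3.0.0/24", "10.4.0.0/24",
                       "10.5.0.0/26", "10.5.0.64/26"):
            table.append((ipaddress.ip_network(prefix), ROUTER_B))
    return table


def next_hop(table, dst: str) -> str:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1]


if __name__ == "__main__":
    for inner in (False, True):
        tbl = build_table(inner)
        # Without (b), a reply to a host on 10.3.0.0/24 is sent back out to
        # Router A instead of in to Router B: the symptom the poster describes.
        print(f"inner routes={inner}: 10.3.0.7 -> {next_hop(tbl, '10.3.0.7')}")
```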