Firewall Wizards mailing list archives

Re: Firewall configuration questions.


From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 21 Apr 2000 17:38:42 -0400 (EDT)

On Thu, 20 Apr 2000, John Morey wrote:

1) Is it possible, using Linux, to set up a firewall such that it has public IP addresses on both
sides.  I thought I read something about this some time back but I cannot find it now.  If I
remember correctly the trick had to do with putting both network interfaces on the same network
but giving the external interface a network mask of 255.255.255.252 and the internal interface
a network mask of 255.255.255.0.

Why subnet?  Why not put a different address on the outside?


2) If the above is possible, is it advisable?  What are the ups and downs as opposed to doing it
the "normal" way where the internal machines have private IP addresses?

If you're seeking to subnet your address space, it's fine as long as you
have everything on the Linux box set up correctly with the subnet in mind
(e.g. filter rules, routing...); if you're looking for a way to populate
the addresses before a router, then routing tables are your best bet with
a new RFC 1918 net between the box and the router, or interface routing
(though I've never tried it on Linux and IP unnumbered on the router.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
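
The addressing layout asked about above, worked through with Python's ipaddress module as an added example that is not part of the original thread. The 192.0.2.0/24 documentation addresses and the function names are constructed for illustration; it shows which interface the firewall picks per destination, which outside addresses inside hosts mistake for local ones, and the inside ranges to use in filter rules.

```python
import ipaddress

# Constructed layout from the 192.0.2.0/24 documentation range (assumption).
IFACES = {
    "external": ipaddress.ip_interface("192.0.2.2/30"),  # mask 255.255.255.252
    "internal": ipaddress.ip_interface("192.0.2.5/24"),  # mask 255.255.255.0
}

def egress(dst, ifaces=IFACES):
    """Pick the connected route by longest-prefix match; None means 'use the default route'."""
    dst = ipaddress.ip_address(dst)
    hits = [(i.network.prefixlen, name) for name, i in ifaces.items() if dst in i.network]
    return max(hits)[1] if hits else None

def outside_seen_as_local(ifaces=IFACES):
    """Outside addresses that an inside host using the /24 mask believes are on its own wire."""
    ext, inn = ifaces["external"].network, ifaces["internal"].network
    return list(ext.hosts()) if ext.subnet_of(inn) else []

def inside_filter_nets(ifaces=IFACES):
    """The inside range with the outside /30 carved out, for use in filter rules."""
    ext, inn = ifaces["external"].network, ifaces["internal"].network
    return sorted(inn.address_exclude(ext))

if __name__ == "__main__":
    for dst in ("192.0.2.1", "192.0.2.77", "198.51.100.9"):
        print(dst, "->", egress(dst))
    print("seen as local by inside hosts:", [str(a) for a in outside_seen_as_local()])
    print("inside nets for filter rules:", [str(n) for n in inside_filter_nets()])
```

A filter rule written against the whole /24 would also match the two outside addresses, so rules for "inside" traffic should use the carved-up list instead.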


