Re: [SLUG] Firewall/router question

From: Smitty (a.smitty@verizon.net)
Date: Fri Nov 15 2002 - 14:07:18 EST


Thanks for all the helpful replies. After I got it set up, it turns out the
D-Link NIC DFE-530TX+ won't work. A search revealed it has a buggy Linux
driver. Back to the supplier.
Smitty

On Thursday 14 November 2002 16:17, you wrote:
> On Thu, 14 Nov 2002, Smitty wrote:
> > I am setting up my old Linux box as a firewall/router with an ethernet
> > connection to the new box and isp. Is there a particular address I would
> > use to designate the new box?
> > Smitty
>
> RFC 1918
> http://www.ietf.org/rfc/rfc1918.txt
>
> Chapter 3 says:
>
> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private internets:
>
> 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
>
> I've usually seen that large corporate networks use the 10.x.y.z address
> space which, when subnetted into smaller networks, gives them sufficient
> flexibility. Most home LANs (including mine) use 192.168.y.z, typically
> with a 255.255.255.0 (24 bit) subnet mask. I don't think I'll ever have
> more than 254 hosts on a subnet. I don't think I'll ever have more than
> 254 subnets either. Currently I have 2 subnets, 192.168.100.0/24 and
> 192.168.200.0/24. Occasionally, I bring up a 192.168.150.0/24 or others
> to play with new toys. Also, many people use the .1 address for the
> gateway.
>
> So the LAN-facing interface on your firewall could be:
> Address: 192.168.100.1
> Mask: 255.255.255.0
> Broadcast: 192.168.100.255
> Network: 192.168.100.0
> The WAN-facing interface on your firewall would presumably be assigned by
> your ISP's DHCP server.
>
>
> The interface on your workstation that faces your new firewall could be:
> Address: 192.168.100.50
> Mask: 255.255.255.0
> Broadcast: 192.168.100.255
> Network: 192.168.100.0
> Gateway: 192.168.100.1
>
> If I'm running a DHCP server for that subnet I usually hold the bottom of
> the address range back for static address devices and let DHCP hand out
> the upper addresses. Something like 192.168.100.1 through 50 for static
> and 192.168.100.51 through 192.168.100.250 for DHCP.
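
The addressing plan in the quoted reply can be checked mechanically before it goes onto the firewall. This is an added example, not part of the original thread; the function names describe and check_plan are hypothetical, and it uses only Python's standard ipaddress module.

```python
import ipaddress

# The three private blocks quoted from RFC 1918, section 3.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def describe(address, mask):
    """Derive network and broadcast from an address and dotted mask."""
    iface = ipaddress.ip_interface(f"{address}/{mask}")
    net = iface.network
    return {
        "address": str(iface.ip),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": net.prefixlen,
        "rfc1918": any(iface.ip in block for block in RFC1918),
    }


def check_plan(gateway, mask, hosts, dhcp_first, dhcp_last):
    """Return a list of problems with a LAN addressing plan (empty = OK)."""
    net = ipaddress.ip_interface(f"{gateway}/{mask}").network
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is not inside an RFC 1918 block")
    lo, hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    if lo > hi or lo not in net or hi not in net:
        problems.append("DHCP pool is not a valid range inside the subnet")
    # Static devices must sit in the subnet, off the reserved addresses,
    # and outside the range the DHCP server hands out.
    for name, addr in [("gateway", gateway)] + list(hosts.items()):
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name} {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name} {ip} is the network or broadcast address")
        elif lo <= ip <= hi:
            problems.append(f"{name} {ip} collides with the DHCP pool")
    return problems


if __name__ == "__main__":
    print(describe("192.168.100.1", "255.255.255.0"))
    # Plan from the message: static .1-.50, DHCP .51-.250.
    print(check_plan("192.168.100.1", "255.255.255.0",
                     {"workstation": "192.168.100.50"},
                     "192.168.100.51", "192.168.100.250"))
```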


