|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Linux 2.2 Firewall
|
> My question is that do I need the two sides of my FW to be two separate
> subnets? I.e. if my router is 192.168.1.1, should the external interface
> of the FW be 192.168.1.2, with a mask of 255.255.255.252, and the internal
> interface be 192.168.1.5, with a mas of... grrr... everything above .4 (I
> can never figure those out).
Yes. On our LAN, the external interface of the FW is one of our registered
node numbers (we have 60 nodes from our ISP, 1/4 of a Class C). Your
internal is your private, 192.168.1.2 address. But we do NAT (MASQ'ing, in
Linux-speak), tho, which may make it different than just forwarding..
> Also, should the LAN systems then use the FW or the router for their
> gateway?
FW. If you use the router, you'll be bypassing the FW completely. You want
everybody to go thru the firewall, which THEN goes out the router.
______________________________________________________________________
Philadelphia Linux Users Group - http://plug.nothinbut.net
Announcements - http://lists.nothinbut.net/mail/listinfo/plug-announce
General Discussion - http://lists.nothinbut.net/mail/listinfo/plug
|
|