I agree with Bill. Keep them completely seperate, and you will find it
easier to comprehend and implement.
On Tue, 21 Mar 2000, Ward William E PHDN wrote:
> All I can think of is that your numbering looks like it's going to
> be a nightmare.
>
> For the Win95 box and the 6.1 IPMasq box, use one subnet....
> say 192.128.67.64 and 192.128.67.65 for those two connected nics.
>
> Use a DIFFERENT (totally different!) subnet for the other nics.
> 10.1.1.100-10.1.1.105 or whatever... figure out a totally different
> subnet. That way, you don't have to worry about what subnet the
> IPMasq machine is on. You're getting mucho complicated in trying to
> send out, but you increase you security a bit further. The gateway
> box should be a gateway to two different subnets, and should they
> should be DISTINCTLY different.
you said:
>
> I thought I would use IPchains rules to keep intruders out of
> Box-2, 3, 4, 5, etc.... and I thought that it might be
> better to use separate network numbering between
> Box-1/Nic-1 and Box-2/Nic-1 to help accomplish that goal.
> But if I don't need to I won't.
yes, use seperate subnets.
the valid private address spaces are
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
as others have said, avoid the 0 subnets since some software can give
trouble with them.
Pick the one you like the best and use it for
your lan inside the firewall (sine you will keep that longer) and use the
other for the win95/dual modem - linux gateway connection.
> You once mentioned to me of the dangers of using 192.168.127.*
> anything... maybe this is the time to switch to the 10.*.*.*
> private IP numbers ? What do you think about this?
If I said that, then I apologize. I shouldn't have. It's perfectly ok. I'm
no expert at this stuff, so if there is any doubt, ignore my advice :)
how about this
> > > [ISP]
> > > |
> > > V
> > > | |=Box-1 ISP DialUp via Modem
> > > >-----|---'56k SupraSonic DUAL LINE modem= "106 K" in Win95'
> > > |
> > > |=Win-95 [ with a server s/w installed ]
> | GATEWAY is set by PPP
> > > |
> > > >-----|---'NIC-1'= 10.1.1.1 Mask= 255.255.255.0
> > > |
> > > |
> > > >-----|---'NIC-1'= 10.1.1.2 Mask= 255.255.255.0
> > > | Box-2 THE GATEWAY for this box is 192.168.127.64
> > > |=LINUX RH 6.1 [ with IPCHAINS... installed ]
> > > >-----|---'NIC-2'= 192.168.127.1 Mask= 255.255.255.0
> > > |
> > > |
> > > >--|==LynkSys HUB, 10BT, 5 ports
> > > |
> > > | THE GATEWAY for all boxes below is 192.168.127.1
> > > |
> > > |--Box-3, NIC-1= 192.168.127.2 Mask= 255.255.255.0
> > > |
> > > |--Box-4, NIC-1= 192.168.127.3 Mask= 255.255.255.0
> > > |
> > > |--Box-5, NIC-1= 192.168.127.4 Mask= 255.255.255.0
BTW, I hope you can get cable or DSL soon. A second phone line and 2
dialup accounts costs more than cable or DSL, but with less bandwidth.
charles
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
