Hi Charles,

> Now, with my new [planned] setup I am obviously confused! How would I get
> my ISP to route to my gateway? What Ip would it need to be (i'm assuming
> 136), or does it not matter? 

 Your router probably needs to have a DNS entry, but at least it should be in 
the routing tables of your ISP. If they want you to do this, and if it fits in 
their addressing scheme. They will probably charge you administration costs 
for this. Maintenance costs will not be too high, I guess.
 Your gateway could have any address in the range, except the network and 
broadcast address, so either 137 or 138 in your case. Usually a gateway has 
the first address in a network, so 137. Definitely not the network address 
(136).  If you'd get 4 more addresses (140-143) you'd have 8 - 2 usable 
addresses (and the broadcast address would become 143).

> > I guess
> > you'll end up aliasing the external interface of the gateway with the
> > 4 IP addresses and forwarding the necessary ports.
> 
> I may very well end up doing
> this, but doesn't this defeat the point of having a DMZ then?

 You could forward anything to these machines, so you'd have some sort of 
DMZ, but not in the exact sense.

> ok, this was probably the crux of my questions. Just to be clear, are you
> saying that *yes* I can do this and the rule will apply to all 4 ips?
>
> ipchains -A input -i eth1 -y -p TCP -d a.b.c.136/30 --destination-port
>:1023 -j DENY -l

 Yes. But remember to set your netmask on the interface to the one your ISP 
specified, not to 30.

> I started down the road of denying
> those without logging first, but then noticed that packets destined for other
> hosts than mine were getting logged too. 
> 
> Anyway, so then I thought what I should be doing is *only* be looking at
> the traffic that is destined for my box in the first place. And this is
> how I got to wondering if I could use the 255.255.255.252 netmask to
> specify all 4 in one rule.

 You should only set rules for addresses you own, but I guess you figured that 
out by now.

                                        Bye,

                                        Leonard.
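An added example (not from the thread) that works through Leonard's two points: how `a.b.c.136/30` splits into network, usable and broadcast addresses (and what a /29 of 136-143 would give), and which destinations an ipchains `-d addr/len` spec actually matches, independent of the netmask set on the interface. The thread's `a.b.c.` is a placeholder, so the documentation range 192.0.2.0/24 stands in for it; the packet destinations are constructed sample values.

```python
import ipaddress

def address_roles(block_spec):
    """Split a CIDR block into (network, usable host list, broadcast) as strings.

    For 192.0.2.136/30 this gives network .136, usable .137/.138, broadcast .139,
    which is why Leonard says the gateway should be .137 and never .136.
    """
    block = ipaddress.ip_network(block_spec)  # strict: rejects 136/29-style misalignment
    return (
        str(block.network_address),
        [str(h) for h in block.hosts()],
        str(block.broadcast_address),
    )

def rule_matches(dest_spec, dst_ip):
    """Emulate the '-d addr/len' test of an ipchains rule: pure prefix match.

    The interface netmask (set to whatever the ISP specifies) plays no part
    here; the /30 in the rule only narrows which destinations the rule sees.
    """
    return ipaddress.ip_address(dst_ip) in ipaddress.ip_network(dest_spec, strict=False)

def matched_destinations(dest_spec, dst_ips):
    """Return the destinations a rule with this '-d' spec would act on."""
    return [ip for ip in dst_ips if rule_matches(dest_spec, ip)]

# Constructed sample: destinations seen on the shared ISP segment (eth1),
# including neighbours' traffic that Charles noticed getting logged.
SEEN_ON_SEGMENT = [
    "192.0.2.135",  # neighbour on the ISP segment, not ours
    "192.0.2.136",  # our network address
    "192.0.2.137",  # gateway
    "192.0.2.138",  # second usable host
    "192.0.2.139",  # our broadcast
    "192.0.2.140",  # next block, not ours (unless the ISP extends us to /29)
]

if __name__ == "__main__":
    print(address_roles("192.0.2.136/30"))
    print(address_roles("192.0.2.136/29"))
    print(matched_destinations("192.0.2.136/30", SEEN_ON_SEGMENT))
```

With `-d 192.0.2.136/30` the rule touches only .136-.139, so the neighbours' packets are left alone; without a `-d` spec, everything arriving on eth1 is evaluated, which matches the over-logging Charles saw.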



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
