Great Circle Associates Firewalls
(September 1997) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: Routing, FW-1, and NAT
From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Date: 6 Sep 97 8:45:46 EDT
To: Drexx Laggui <drexx @ pspi . com . ph>
Cc: firewalls <firewalls @ GreatCircle . COM>, fw-1-mailinglist <fw-1-mailinglist @ us . checkpoint . com> 
Why do you need RIP at all?  Is there a reason
you can't define a default gateway on the internal
machines, and static routes on the two routers and
the firewall?

   Ryan

---------- Previous Message ----------
To: firewalls, fw-1-mailinglist
cc: 
From: drexx @ pspi.com.ph (Drexx Laggui) @ smtp
Date: 09/06/97 01:25:25 PM
Subject: Routing, FW-1, and NAT

Hello world,

I'm getting tired of RIP. Really. It is so dynamically unpredictable. You
see, I'm on my third project case that involves an established corporation
deciding to connect the Internet with an internal class C address of 192.9.x.x

To illustrate a typical setup:

192.9.x.x <-> Cisco 2500 <-> FW-1 v3.0 <-> Cisco 2500 <-> Internet
                               ^
                               |
                           Cisco 2509
                            192.9.x.x

With the only legal IP addresses I have is at the side of FW-1 facing the
world, I have to do automatic network address translation (NAT) for the
properly subnetted intranet. 

I had no choice but to run RIP yet with an entry in the /etc/gateways of
"norip le0", wherein le0 is my external interface so that I could at
least connect to the Internet. RIP is definitely running within the
intranet.

Fiddling around with the "route add default a.b.c.d x" for the intranet 
objects doesn't really seem to work. Does anybody have an FAQ on setups
like this? Did anybody even manage to setup stuff like this? Anybody can
give me pointers on how to properly install/configure static routing in
this case?

I have assumed that internal RIP use is critical because the 192.9.x.x
addresses are very active in the Internet (eg: www.sun.com = 192.9.9.100).
Can anybody prove me otherwise?

many, many thanks,
Drexx.
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
         ______
        /_____/\ DEXTER D. LAGGUI
       /_____\\ \ Systems Engineer, CSD-TSR 
      /_____\ \\ / PHILIPPINE SYSTEMS PRODUCTS INC.
     /_____/ \/ / / Penthouse, Corporate Business Center
    /_____/ /   \//\ 150 Paseo de Roxas Ave., Legaspi Village
    \_____\//\   / / Makati City, Philippines
     \_____/ / /\ /          
      \_____/ \\ \ Phone: (++ 63-2) 813-6453 to 55 loc. 222
       \_____\ \\ Fax  : (++ 63-2) 813-3516
        \_____\/ Email: drexx @
 pspi .
 com .
 ph

=+=+=+=+=+=+ This e-mail is made from 100% recycled electrons. +=+=+=+=+=+=
Indexed By Date Previous: Re: how do I test a firewall?
From: "Gregg Earnhart" <ge @ gte . net>
Next: Disguise (Servers)
From: David Beldam <dbeldam @ the-wire . com>
Indexed By Thread Previous: Re: Routing, FW-1, and NAT
From: "Glenn Cook" <glenn @ wizard . net>
Next: Re: Routing, FW-1, and NAT
From: Travis Low <tlow @ mindq . com>
Google
 
Search Internet Search www.greatcircle.com