Hello,

I was wondering how I should set up the IP networks for a screened subnet
type firewall. I have a single class C and am setting up a domain now.

I was wondering if I should split my class C in two with subnetting and
put half the IPs on the perimeter net (DMZ) and half on my internal net.
This seems kind of wasteful... I don't think I'll need 128 service hosts
or bastion hosts, but it would probably be more straightforward to set up.

On the other hand, I guess I could put all 256 IPs on the perimeter net
and use IP masquerade to translate one of the private nets 192.168.x.0
on my internal network.
This may require more effort to set up and get working properly... and
may be less extensible... I've heard there are some services that can't
be "opened-up" with masquerading.

Comments?

Topology:

inet <--> outer  <--> perimeter <--> inner  <--> internal
          router      net            router      net

Henry Hollenberg speed @ barney . iamerica . net
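
The two address plans weighed in the post, plus an unequal split sized to the DMZ, worked through as an added example (not part of the original message). The block 192.0.2.0/24 and the net 192.168.1.0/24 are constructed stand-ins for the poster's class C and for 192.168.x.0, the function names are hypothetical, and the unequal split assumes routers that accept variable-length subnet masks.

```python
import ipaddress

# Constructed stand-ins: the post gives neither its class C nor the "x" in
# 192.168.x.0, so a documentation block and one private /24 are used here.
PUBLIC_BLOCK = ipaddress.ip_network("192.0.2.0/24")
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")

def usable(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

def equal_split(block):
    """Plan 1 in the post: halve the class C, one half per side."""
    perimeter, internal = block.subnets(prefixlen_diff=1)
    return {"perimeter": [perimeter], "internal": [internal]}

def sized_split(block, dmz_hosts):
    """Variation on plan 1: the smallest subnet that holds the DMZ hosts;
    the remainder (several CIDR blocks) goes to the internal side."""
    for prefix in range(block.max_prefixlen - 2, block.prefixlen - 1, -1):
        perimeter = next(block.subnets(new_prefix=prefix))
        if usable(perimeter) >= dmz_hosts:
            rest = sorted(block.address_exclude(perimeter))
            return {"perimeter": [perimeter], "internal": rest}
    raise ValueError("block too small for %d DMZ hosts" % dmz_hosts)

def masquerade_plan(block, private):
    """Plan 2 in the post: whole class C on the perimeter net, private
    addresses inside, translated by IP masquerade at the inner router."""
    if not private.is_private:
        raise ValueError("internal net must be private address space")
    return {"perimeter": [block], "internal": [private]}

def zone_of(plan, address):
    """Side of the inner router an address falls on, or None if neither."""
    ip = ipaddress.ip_address(address)
    for zone, nets in plan.items():
        if any(ip in net for net in nets):
            return zone
    return None

def summary(plan):
    """Usable host addresses per zone."""
    return {zone: sum(usable(n) for n in nets) for zone, nets in plan.items()}

if __name__ == "__main__":
    plans = {"equal split": equal_split(PUBLIC_BLOCK),
             "split sized for 10 DMZ hosts": sized_split(PUBLIC_BLOCK, 10),
             "masquerade": masquerade_plan(PUBLIC_BLOCK, PRIVATE_NET)}
    for name, plan in plans.items():
        print(name, summary(plan), [str(n) for n in plan["perimeter"]])
```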