At 9:41 AM 10/5/94 -0600, Brent McClure wrote:
>In reviewing the notes from a workshop on firewalls I found a specific
>description of an "ideal" firewall setup that involves setting up
>a perimeter network that has its own class C address. The statement was
>made that it is "easy to get another class C address from the NIC for
>your perimeter net".
>I have been informed by our internet provider that he's not that thrilled
>to give up one of the addresses from his block for this purpose, and I
>suspect that the NIC isn't glad to see more addresses gobbled up in this way.
>Yes, I know there are millions left, but at one point we probably thought there
>were though class B addresses too.
>Since it appears that a single dual-homed host as a firewall has limitations,
>then isn't there a solution using a perimeter network that can be implemented
>where the perimeter network is simply a subnet of your current address rather
>than having to ask for another address?
It is possible to use just one class C address to build a firewall. Use
"Class C subnetting". By taking a Class C address and subnetting it into
smaller networks you can build three separate networks off of one class C
Addresses Subnet Mask
Allows you to have a network number (220.127.116.11), a router (18.104.22.168), two
hosts (22.214.171.124, 126.96.36.199), and a broadcast (188.8.131.52). The other side
of the firewall has the same netmask and the next set of IP addresses.
On the other side of the internal router you have, I think, 243 addresses
left in the Class C space. Now, you might need more than this, but then
you would probably need another Class C soon anyways...
Daniel W. Woycke |"I went out drinking with Thomas
Information Engineer (c) 1992|Paine..." -- Billy Bragg
The MITRE Corporation |"But I am still thirsty..."
7525 Colshire Drive (MS Z213)|-- Arrested Development
McLean, VA 22102 |These opinions are mine and are not
org |and will not be held by anyone else.
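
The subnetting described in the reply above, as an added example that is not part of the original post: it splits one class C into two small perimeter subnets (one on each side of the firewall) and lists what is left for the internal network. The 255.255.255.248 (/29) mask, the documentation range 192.0.2.0/24, and the function names are assumptions made for illustration; the post's own mask is not shown.

```python
import ipaddress

def plan_perimeter(block, perimeter_prefix=29):
    """Carve two small perimeter subnets out of one /24; return them plus
    the CIDR blocks left over for the internal network."""
    net = ipaddress.ip_network(block)
    if net.prefixlen != 24:
        raise ValueError("expected a single /24 (one class C)")
    if not 25 <= perimeter_prefix <= 30:
        raise ValueError("perimeter prefix must be between /25 and /30")
    pieces = list(net.subnets(new_prefix=perimeter_prefix))
    outer, inner = pieces[0], pieces[1]
    # The remainder is not one subnet: collapse it into the fewest CIDR
    # blocks so the internal router's routes and filters can be written.
    internal = list(ipaddress.collapse_addresses(pieces[2:]))
    return outer, inner, internal

def describe(subnet):
    """Lay a subnet out the way the post does: network number, router,
    hosts, broadcast. Putting the router on the first usable address is
    a convention assumed here."""
    usable = list(subnet.hosts())
    return {
        "network": str(subnet.network_address),
        "netmask": str(subnet.netmask),
        "router": str(usable[0]),
        "hosts": [str(h) for h in usable[1:]],
        "broadcast": str(subnet.broadcast_address),
    }

if __name__ == "__main__":
    # Constructed sample input: 192.0.2.0/24 is a documentation range.
    outer, inner, internal = plan_perimeter("192.0.2.0/24")
    for name, sn in (("outer perimeter", outer), ("inner perimeter", inner)):
        print(name, describe(sn))
    print("internal:", [str(n) for n in internal],
          sum(n.num_addresses for n in internal), "addresses")
```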