Here's a way to think about this. A paradigm, if you would.
You want to have two logical networks. You call one public
and the other private (and the two are connected via the
firewall in your picture). If there is such logical separation
there must be two network addresses. Your picture does not
reflect that. What I see is one network id, 192.x.y.
Given two network id's the box labeled as firewall will handle
passing or not passing of packets from one net to the other.
Subnetting is a way to make two (or more) networks out of
one (legitimate) network id.
Bayer Research Center
> From firewalls-owner @ COM Tue Apr 4 19:43:14 1995
> Subject: firewalls and routing
> To: firewalls @
> Hi, I have a pretty basic question. I'll be setting up a Class-C network
> with a firewall and I'm unsure about sub-netting and routing. It would
> look something like this:
>    |  router   |
>    | 192.x.y.1 |
>          |           public net - webservers, etc
>          |                   |
>    ______|______         ____|_______
>    | 192.x.y.2 |         |    WWW    |
>    |  firewall |         | 192.x.y.3 |
>    | 192.x.y.4 |         |___________|
>          |           private net
>          |                   |
>    ______|_____         _____|_____
>    | 192.x.y.5 |        | 192.x.y.6 |
>    |___________|        |___________|
> My question is how do I number the network for this setup and how
> is routing set up? I assume the router knows nothing about subnets
> and dumps all traffic for 192.x.y.0 onto the lan. Don't I have to
> subnet in order to split the network into 2 sections like this?
> If I subnet, isn't 192.x.y.1 no longer a good address? (it is in the
> all zero subnet)
> If I don't subnet, will I have to set up a static route for each
> machine on the public net?
> Thanks for the help.
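
An added worked example, not part of the original thread: it splits one Class-C network id into subnets and checks whether the firewall's two interfaces in the diagram fall on different networks. The documentation range 192.0.2.0/24 stands in for 192.x.y.0, and the /26 renumbering (.66 outside, .130 inside) is an assumption chosen for illustration.

```python
import ipaddress

# Constructed stand-in: 192.0.2.0/24 plays the role of 192.x.y.0.
NET = ipaddress.ip_network("192.0.2.0/24")

def plan(net, new_prefix):
    """Split net into subnets; tag the all-zeros and all-ones subnets,
    which the classic (RFC 950-era) convention said not to assign."""
    subnets = list(net.subnets(new_prefix=new_prefix))
    rows = []
    for i, sn in enumerate(subnets):
        if i == 0:
            tag = "all-zeros subnet"
        elif i == len(subnets) - 1:
            tag = "all-ones subnet"
        else:
            tag = "usable under classic rules"
        hosts = list(sn.hosts())
        rows.append((sn, tag, hosts[0], hosts[-1]))
    return rows

def subnet_of(net, new_prefix, last_octet):
    """Return the subnet that holds host <net>.<last_octet>."""
    addr = net.network_address + last_octet
    for sn in net.subnets(new_prefix=new_prefix):
        if addr in sn:
            return sn
    return None

def firewall_separates(net, new_prefix, outside_octet, inside_octet):
    """True only if the firewall's two interfaces sit in different
    subnets, i.e. there really are two network ids to route between."""
    return (subnet_of(net, new_prefix, outside_octet)
            != subnet_of(net, new_prefix, inside_octet))

if __name__ == "__main__":
    for sn, tag, first, last in plan(NET, 26):
        print(f"{sn}  hosts {first} - {last}  ({tag})")
    # Numbering as drawn: firewall is .2 outside and .4 inside.
    print("as drawn, separated:", firewall_separates(NET, 26, 2, 4))
    # Assumed renumbering: public = .64/26, private = .128/26.
    print("renumbered, separated:", firewall_separates(NET, 26, 66, 130))
    print("router .1 falls in:", subnet_of(NET, 26, 1))
```

A /25 split yields only the all-zeros and all-ones subnets, which is why the example uses /26 and takes the two middle subnets.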