>
> Hi all,
>
> we have one question:
> Our firm now wants to connect to the internet, but we will get only
> one official IP-address. First, we believed this would be no problem
> because we'll use the 10.0.0.0 net as our internal network and we
> will be able to manage the connections over proxies.
> So we hoped a firewall could do two things: protect our private network
> and connect every internal host against the internet.
> But unfortunately, our router just needs our only official
> IP-address, and the firewall can only get a 10.x.y.z address.

This should not be required. Your ISP should provide an IP address for the
link from their router to yours. Then you use your allocated IP on the
firewall net and the 10.*.*.* behind the bastion. A picture:

Assume:
    ISP uses net a.b.c for connections
    You have been allocated f.g.h
    Single homed bastion

           ISP network
       -------------------
                |
                |
            ISP router
             a.b.c.d
                |
                |
                |
                |
             a.b.c.e
           Your router
             f.g.h.1
                |
                | f.g.h net
        ------------------
         |              |
         |              |
      f.g.h.2        f.g.h.3
      bastion        router
                     10.0.0.1
                        |
                        |
                        V
                    inside net

Of course there are many ways to build your firewall but none of them
should require you to use your allocated net on the ISP-side of your
router.
Colin
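
Added example (not part of Colin's message): a Python check of the addressing plan in the picture above, with constructed RFC 5737 documentation addresses standing in for the a.b.c and f.g.h placeholders. The device names, the /30 and /24 prefix lengths, and the placement of 10.0.0.1 on the inner router are assumptions.

```python
import ipaddress as ip

# Constructed stand-ins for the placeholders in the diagram (assumed values).
NETS = {
    "isp_link": ip.ip_network("192.0.2.0/30"),      # a.b.c, owned by the ISP
    "allocated": ip.ip_network("198.51.100.0/24"),  # f.g.h, allocated to you
    "inside": ip.ip_network("10.0.0.0/8"),          # private inside net
}

# (device, interface role, address, net the interface should sit on)
PLAN = [
    ("isp_router", "link", "192.0.2.1", "isp_link"),           # a.b.c.d
    ("your_router", "isp_side", "192.0.2.2", "isp_link"),      # a.b.c.e
    ("your_router", "fw_side", "198.51.100.1", "allocated"),   # f.g.h.1
    ("bastion", "fw_side", "198.51.100.2", "allocated"),       # f.g.h.2
    ("inner_router", "fw_side", "198.51.100.3", "allocated"),  # f.g.h.3
    ("inner_router", "inside", "10.0.0.1", "inside"),
]

def check_plan(plan, nets):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if nets["isp_link"].overlaps(nets["allocated"]):
        problems.append("ISP link net overlaps the allocated net")
    if not nets["inside"].is_private:
        problems.append("inside net is not private address space")
    seen = {}
    for device, role, addr, net_name in plan:
        a = ip.ip_address(addr)
        if a not in nets[net_name]:
            # Name the net the address actually falls in, if any.
            home = next((n for n, net in nets.items() if a in net), "no known net")
            problems.append(f"{device}/{role} {addr} is on {home}, expected {net_name}")
        if a in seen:
            problems.append(f"{addr} assigned to both {seen[a]} and {device}/{role}")
        seen[a] = f"{device}/{role}"
    # Single homed bastion: exactly one interface in the plan.
    if len([row for row in plan if row[0] == "bastion"]) != 1:
        problems.append("bastion is not single homed")
    return problems

if __name__ == "__main__":
    print(check_plan(PLAN, NETS) or "plan is consistent")
```

A plan that puts an allocated (f.g.h) address on the ISP side of your router is reported as a problem, which is the situation the reply says should not be required.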