Internet - cablemodem - 10.1.1.1 firewall 10.1.1.2 router / squid / dhcp / email all internal here
by your convention, maybe .2 should become .254
everything is a linux box in the net
So your router and firewall are two separate machines? Seems redundant to me, most firewalls do routing as well. The only reason you would need a router is if the firewall wasn't on the same subnet.
                10.1.1.1/24        10.1.1.2/24
(Internet) --- [ firewall ] ---- [ router ]
                    |                 |
                    |----[ host1 ]----|
                       10.1.1.30/24
You can see here that you can get to the internet by going thru the router, but because the router and the firewall are on the same subnet, you can just go directly to the firewall. You just add an extra hop that is not needed and just eats up network and computer resources.
If the firewall was on a different subnet, then you would need a router:
               10.1.0.1/24    eth0: 10.1.0.254/24
(Internet) --- [ firewall ]-------------[ router ]-----------[ host1 ]
                              eth1: 10.1.1.254/24           10.1.1.30
Here, host1 needs the router to reach the 10.1.0.0/24 subnet.
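To make the two topologies above concrete, here is an added example (not code from anyone in this thread): a tiny longest-prefix-match forwarding simulation over the addresses given in the diagrams. The route tables, the "internet" uplink sentinel and the destination addresses are constructed for the example; it shows that in the flat layout host1 reaches the firewall directly, that pointing host1 at the router only adds a hop, and that in the segmented layout host1 cannot reach 10.1.0.1 without going through the router.

```python
import copy
import ipaddress

# Constructed sentinel for the firewall's uplink; every other hop is a 10.1.x.x address.
INTERNET = "internet"

def next_hop(dest, routes):
    """Longest-prefix match over (prefix, gateway) pairs; gateway None means on-link."""
    addr, best = ipaddress.ip_address(dest), None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]

def on_link(dev, ip):
    """True if ip lies inside one of dev's directly connected networks."""
    return any(gw is None and ipaddress.ip_address(ip) in ipaddress.ip_network(p)
               for p, gw in dev["routes"])

def path(src, dest, devices, max_hops=8):
    """Device names traversed from src until dest (or the uplink) is reached."""
    hops, cur = [src], src
    for _ in range(max_hops):
        if dest in devices[cur]["addrs"]:
            return hops
        gw = next_hop(dest, devices[cur]["routes"])
        if gw == INTERNET:
            return hops + [INTERNET]
        target = gw or dest                      # next device we hand the packet to
        if not on_link(devices[cur], target):    # a gateway off-subnet is unreachable
            raise LookupError(f"{cur}: {target} is not on a connected subnet")
        cur = next(n for n, d in devices.items() if target in d["addrs"])
        hops.append(cur)
    raise RuntimeError("routing loop")

def with_gateway(devices, name, gateway):
    """Copy of devices with `name`'s default route repointed at gateway."""
    d = copy.deepcopy(devices)
    kept = [r for r in d[name]["routes"] if r[0] != "0.0.0.0/0"]
    d[name]["routes"] = kept + [("0.0.0.0/0", gateway)]
    return d

# Topology 1 from the thread: firewall .1, router .2 and host1 .30 all on 10.1.1.0/24.
FLAT = {
    "firewall": {"addrs": {"10.1.1.1"}, "routes": [("10.1.1.0/24", None), ("0.0.0.0/0", INTERNET)]},
    "router": {"addrs": {"10.1.1.2"}, "routes": [("10.1.1.0/24", None), ("0.0.0.0/0", "10.1.1.1")]},
    "host1": {"addrs": {"10.1.1.30"}, "routes": [("10.1.1.0/24", None), ("0.0.0.0/0", "10.1.1.1")]},
}
# Topology 2: firewall on 10.1.0.0/24, router bridging both subnets, host1 on 10.1.1.0/24.
SEGMENTED = {
    "firewall": {"addrs": {"10.1.0.1"}, "routes": [("10.1.0.0/24", None), ("10.1.1.0/24", "10.1.0.254"), ("0.0.0.0/0", INTERNET)]},
    "router": {"addrs": {"10.1.0.254", "10.1.1.254"}, "routes": [("10.1.0.0/24", None), ("10.1.1.0/24", None), ("0.0.0.0/0", "10.1.0.1")]},
    "host1": {"addrs": {"10.1.1.30"}, "routes": [("10.1.1.0/24", None), ("0.0.0.0/0", "10.1.1.254")]},
}
```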
On 8/31/05, Jeremy Fowler JFowler@westrope.com wrote:
So your router and firewall are two separate machines? Seems redundant to me, most firewalls do routing as well. The only reason you would need a router is if the firewall wasn't on the same subnet.
No, it's standard practice for the ultraparanoid.
The idea is, if your outer wall is compromised, hopefully you can limit the damage before Kevin Mitnick gets all the way into your shorts.
You might want to put a honeypot in there too.
On Wednesday 31 August 2005 19:43, Jeremy Fowler wrote:
Internet - cablemodem - 10.1.1.1 firewall 10.1.1.2 router / squid / dhcp / email all internal here
So your router and firewall are two separate machines? Seems redundant to me, most firewalls do routing as well. The only reason you would need a router is if the firewall wasn't on the same subnet.
Most people don't have the code necessary to combine a cablemodem with a firewall...