routing problem - fork on gateways

Jeremy Fowler JFowler at westrope.com
Wed Aug 31 14:43:41 CDT 2005


> Internet - cablemodem - 10.1.1.1 firewall
> 	10.1.1.2 router / squid / dhcp / email
> 	all internal here
> 
> by your convention, maybe .2 should become .254
> 
> everything is a linux box in the net
> 

So your router and firewall are two separate machines? Seems redundant to me; most firewalls do routing as well.  The only reason you would need a router is if the firewall wasn't on the same subnet.

                10.1.1.1/24      10.1.1.2/24
(Internet) --- [ firewall ] --- [ router ]
                     |               |
                     |---[ host1 ]---|
                        10.1.1.30/24

You can see here that you can get to the internet by going through the router, but because the router and the firewall are on the same subnet, you can just go directly to the firewall. You just add an extra hop that is not needed and just eats up network and computer resources.

If the firewall was on a different subnet, then you would need a router:

                10.1.0.1/24        eth0: 10.1.0.254/24 
(Internet) --- [ firewall ]-------------[ router ]-----------[ host1 ]
                                   eth1: 10.1.1.254/24       10.1.1.30

Here, host1 needs the router to reach the 10.1.0.0/24 subnet.
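
The two layouts above, traced hop by hop, as an added example that is not part of the original post. The routing tables, the INTERNET marker and the destination 203.0.113.10 are constructed assumptions; only the 10.1.x.x addresses come from the diagrams.

```python
import ipaddress
INTERNET = "internet"        # constructed marker for the firewall's upstream link
REMOTE = "203.0.113.10"      # constructed destination (documentation range)

def on_link(routes, ip):
    """True if ip lies in a network this node is directly attached to."""
    ip = ipaddress.ip_address(ip)
    return any(gw is None and ip in ipaddress.ip_network(net) for net, gw in routes)

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or None when dst is on-link."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), gw) for net, gw in routes
            if dst in ipaddress.ip_network(net)]
    if not hits:
        raise ValueError(f"no route to {dst}")
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def trace(tables, owner, src, dst, limit=8):
    """List the nodes a packet from src visits on its way to dst."""
    path, node = [src], src
    for _ in range(limit):
        gw = next_hop(tables[node], dst)
        if gw == INTERNET:
            return path + [INTERNET]
        if gw is None:                      # destination is directly reachable
            return path + [owner.get(dst, dst)]
        if not on_link(tables[node], gw):   # a gateway must sit on a local subnet
            raise ValueError(f"{node}: gateway {gw} is not on-link")
        node = owner[gw]
        path.append(node)
    raise RuntimeError("routing loop")

def flat(host_gw):
    """First diagram: firewall, router and host1 all in 10.1.1.0/24."""
    lan = ("10.1.1.0/24", None)
    tables = {"host1": [lan, ("0.0.0.0/0", host_gw)],
              "router": [lan, ("0.0.0.0/0", "10.1.1.1")],
              "firewall": [lan, ("0.0.0.0/0", INTERNET)]}
    return trace(tables, {"10.1.1.1": "firewall", "10.1.1.2": "router"}, "host1", REMOTE)

def routed(host_gw, dst=REMOTE):
    """Second diagram: firewall in 10.1.0.0/24, host1 behind the router."""
    dmz, lan = ("10.1.0.0/24", None), ("10.1.1.0/24", None)
    tables = {"host1": [lan, ("0.0.0.0/0", host_gw)],
              "router": [dmz, lan, ("0.0.0.0/0", "10.1.0.1")],
              "firewall": [dmz, ("10.1.1.0/24", "10.1.0.254"), ("0.0.0.0/0", INTERNET)]}
    owner = {"10.1.0.1": "firewall", "10.1.0.254": "router", "10.1.1.254": "router"}
    return trace(tables, owner, "host1", dst)
```

flat("10.1.1.2") passes through the router before the firewall, flat("10.1.1.1") does not, and routed("10.1.0.1") fails because host1 cannot use a gateway outside its own subnet.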

