From: "Shaun T. Erickson" <ste@smxy.org>
To: ste@smxy.org
Cc: netfilter@lists.netfilter.org
Subject: Re: Need to replace a SonicWall firewall with an iptables firewall.
Date: Mon, 30 Aug 2004 14:41:01 -0400
Message-ID: <413374BD.7050701@smxy.org>
In-Reply-To: <41334F72.4010402@smxy.org>

I wrote:

> However, I'm not sure how to handle the external network and the DMZ. We 
> have a /28 subnet from our ISP. Our router uses one address on the 
> subnet. From the router, you proceed to a switch, where three devices 
> are plugged in: a wireless access point, a VPN device, and the external 
> interface of the SonicWall firewall. All three devices have addresses on 
> the same /28 subnet as the router. Additionally, the SonicWall's DMZ 
> interface does not have an address assigned to it - it is somehow 
> logically bridged to the external interface. The systems in the DMZ are 
> also on the same /28 subnet. You tell the SonicWall which IP addresses 
> are in use in the DMZ, so that it knows which interface to send traffic 
> for that subnet out of. Internal traffic, heading out either the 
> external or DMZ interfaces of the SonicWall, appears to come from the 
> external address of the SonicWall. I have no idea how to replicate this 
> setup under iptables.

It occurs to me that I'm running out of IPs anyway, so maybe what I 
should do is get two subnets from my ISP: a subnet of 16 (14 usable) 
addresses for the router, the firewall's external interface, and 
everything in between, and a subnet of 32 (30 usable) addresses for my 
DMZ. That would work, yes?

	-ste

