Where to use public addressing

is the address space between a gateway router and firewall usually public or private.

Say my ISP gives me a block of addresses. 68.33.22.5 68.33.22.6 68.33.22.7 68.33.22.8
ie:

gateway router
|
| <

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

lordy

Well, to save addresses you could use private addresses here.
Public would do too, of course.

Danh

Would this work?

s0-68.33.22.5
GATEWAY ROUTER
e0-68.33.22.6
|
|
|
e0-68.33.22.7
FIREWALL e1----webserver (68.33.22.

Danh

and im assuming i'll be doing all my NAT in the firewall?

lordy

If your ISP only gives you 68.33.22.5/30 then you would have only .6 and .7 as usuable adresses so, no.

If however, they where part of a larger block like /29 or bigger this would work.

Danh

Lordy,
how does this look?

http://www.streetneeds.com/uploads/ot/real_setup1.jpg

thanks

2lazybutsmart

You're using a /26 mask on all the interfaces except those between the firewall and the internal router. now with the ip scheme you have, you're actually putting the E0s of the firewall and gateway on the same subnet as the ISP's rotuer.

Your mask gives you subnet's 0,64, etc... all the way upto 192 on the fourth octect and 0 to 255 on the second and third octects (because this is a Class A address). So the network between the ISP router and the gateway is on subnet 34.76.0. You need to change the subnet of the network between the gateway and firewall to be on a different subnet, perhaps subnet 34.76.64.

And once you get the design correct, then that setup won't just work, you'll have enable routing and NAT.

BTW, this firewall thing, is it a Cisco router called Firewal or something else (a firewal perhaps).

2lbs.

darkuser

short answer

it would be publc

unless you're doing nat at the router for some reason.

Danh

So if you do NAT in your firewall, you HAVE to use public addressing in between gateway and firewall(outside int)

If you insist on private addressing between the gateway and firewall(outside int), you have to do double NAT?

rossonieri#1

Danh wrote:

So if you do NAT in your firewall, you HAVE to use public addressing in between gateway and firewall(outside int)

If you insist on private addressing between the gateway and firewall(outside int), you have to do double NAT?

i'm sorry Danh,
i think dont bother to do NAT in FW etc...
please read the concept of NAT - get in depth. learn about private/public IPs.

QUIX0TIC

I have gone to businesses before and setup equipment similar to what you are currently representing. I personally would setup NAT on the firewall. You are creating a DMZ like environment in which you can use public ip adxs on the specific equipment. I dont like using a public ip adx on the gateway router FE interface to the FW. You can always just give the FW an public ip adx but have that line be given a private ip adx. Your webserver and your out int gw router definitely needs a public ip adx. From there you can put holes in your network so the webserver can be seen from the outside with specific ACLs on the gw router and the firewall.