Where to use public addressing
Danh Member Posts: 59
in CCNA & CCENT
Is the address space between a gateway router and firewall usually public or private?
Say my ISP gives me a block of addresses. 68.33.22.5 68.33.22.6 68.33.22.7 68.33.22.8
ie:
gateway router
|
| < public or private space?
|
firewall----webserver
|
|
internal router
|
|
Comments
-
lordy Member Posts: 632
Well, to save addresses you could use private addresses here.
Public would do too, of course.
Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
Goal for 2014: RHCA
Goal for 2015: CCDP
-
Danh Member Posts: 59
Would this work?
s0-68.33.22.5
GATEWAY ROUTER
e0-68.33.22.6
|
|
|
e0-68.33.22.7
FIREWALL e1----webserver (68.33.22.
e2-192.168.1.1
|
|
|
e0-192.168.1.2
INTERNAL ROUTER
e1-10.10.0.1
|
|
Internal network
-
lordy Member Posts: 632
If your ISP only gives you 68.33.22.5/30 then you would have only .6 and .7 as usable addresses so, no.
If, however, they were part of a larger block like /29 or bigger this would work.
Working on CCNP: [X] SWITCH --- [ ] ROUTE --- [ ] TSHOOT
Goal for 2014: RHCA
Goal for 2015: CCDP
-
2lazybutsmart Member Posts: 1,119
You're using a /26 mask on all the interfaces except those between the firewall and the internal router. Now with the IP scheme you have, you're actually putting the E0s of the firewall and gateway on the same subnet as the ISP's router.
Your mask gives you subnets 0, 64, etc... all the way up to 192 on the fourth octet and 0 to 255 on the second and third octets (because this is a Class A address). So the network between the ISP router and the gateway is on subnet 34.76.0. You need to change the subnet of the network between the gateway and firewall to be on a different subnet, perhaps subnet 34.76.64.
And once you get the design correct, then that setup won't just work, you'll have to enable routing and NAT.
BTW, this firewall thing, is it a Cisco router called Firewall or something else (a firewall perhaps)?
2lbs.
Exquisite as a lily, illustrious as a full moon,
Magnanimous as the ocean, persistent as time.
-
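Added example (not code from any poster in this thread): a Python check of the interface addresses in Danh's diagram against an assumed prefix length, since the diagram as shown gives no mask. It flags addresses that land on a subnet's network or broadcast address and links that share a subnet; `check_plan`, `DANH_PLAN` and `PRIVATE_LINK_PLAN` are hypothetical names, and the private-link addresses are constructed.

```python
import ipaddress

def check_plan(links, prefixlen):
    """Return addressing problems for {link name: [interface addresses]}."""
    problems, owner = [], {}
    for name, addrs in links.items():
        ifaces = [ipaddress.ip_interface(f"{a}/{prefixlen}") for a in addrs]
        nets = sorted({i.network for i in ifaces})
        if len(nets) > 1:
            problems.append(f"{name}: interfaces fall in different subnets: "
                            + ", ".join(map(str, nets)))
        for i in ifaces:
            if i.ip == i.network.network_address:
                problems.append(f"{name}: {i.ip} is the network address of {i.network}")
            elif i.ip == i.network.broadcast_address:
                problems.append(f"{name}: {i.ip} is the broadcast address of {i.network}")
        for net in nets:
            # A router cannot route between two of its interfaces that sit in
            # one subnet, so every link needs a subnet of its own.
            if net in owner:
                problems.append(f"{name}: shares {net} with {owner[net]}")
            else:
                owner[net] = name
    return problems

# Interface addresses from Danh's diagram; the prefix length is an assumption.
DANH_PLAN = {
    "isp-gateway": ["68.33.22.5"],
    "gateway-firewall": ["68.33.22.6", "68.33.22.7"],
    "firewall-internal": ["192.168.1.1", "192.168.1.2"],
}

# Constructed variant: private addresses on the gateway-firewall link.
PRIVATE_LINK_PLAN = {
    "isp-gateway": ["68.33.22.5"],
    "gateway-firewall": ["192.168.0.1", "192.168.0.2"],
    "firewall-internal": ["192.168.1.1", "192.168.1.2"],
}

if __name__ == "__main__":
    for prefixlen in (30, 29, 28):
        print(f"/{prefixlen}:")
        for problem in check_plan(DANH_PLAN, prefixlen) or ["no problems found"]:
            print("  " + problem)
```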
darkuser Member Posts: 620
short answer
it would be public
unless you're doing nat at the router for some reason.
rm -rf /
-
Danh Member Posts: 59
So if you do NAT in your firewall, you HAVE to use public addressing in between gateway and firewall (outside int)?
If you insist on private addressing between the gateway and firewall (outside int), you have to do double NAT?
-
rossonieri#1 Member Posts: 799
Danh wrote:
So if you do NAT in your firewall, you HAVE to use public addressing in between gateway and firewall (outside int)
If you insist on private addressing between the gateway and firewall (outside int), you have to do double NAT?

I'm sorry Danh,
I think don't bother to do NAT in FW etc...
Please read the concept of NAT - get in depth. Learn about private/public IPs.
the More I know, that is more and More I don't know.
-
QUIX0TIC Member Posts: 277
I have gone to businesses before and set up equipment similar to what you are currently representing. I personally would set up NAT on the firewall. You are creating a DMZ like environment in which you can use public ip adxs on the specific equipment. I don't like using a public ip adx on the gateway router FE interface to the FW. You can always just give the FW a public ip adx but have that line be given a private ip adx. Your webserver and your out int gw router definitely need a public ip adx. From there you can put holes in your network so the webserver can be seen from the outside with specific ACLs on the gw router and the firewall.
"To realize one's destiny is a person's only obligation."