Replace Sonicwall with Linux box using iptables

Hello,
I am currently using a Sonicwall firewall to protect a class C network of public IP addresses. The Sonicwall allows me to specify which IPs will be on the DMZ port, and the remainder are on the LAN port by default. I would like to replace this Sonicwall with a Linux box and use iptables to firewall my network. However, I am as yet unable to see how to use my single class C network with both a DMZ and LAN without subnetting the Class C. I would prefer to specify a range of IPs to be on the DMZ in order to mimic the existing Sonicwall. Any input would be greatly appreciated. -Thanks

First, the term Class C is a bit obsolete, as any IP range can be subnetted to any mod 2 size with modern devices and software.

Second, it is often fine to use free, unroutable IPs like 10.x.x.x inside the outer router, so do not chop up your bought nets unnecessarily.

Thanks for the reply, DGPickett. I agree, the term Class C is a bit obsolete. We have a set of IPs, publicly routable from

xxx.yyy.zzz.1 - xxx.yyy.zzz.254

For various reasons, we do not want to use a private address space inside the firewall immediately (although I hope to move to that scheme in the future).

In the short term, I am looking for how iptables can be used to have some of the xxx.yyy.zzz addresses on the DMZ port and the remainder on the LAN port, without subnetting the xxx.yyy.zzz network.

Regards,

Well, two nets is two nets, and a firewall is a router. Maybe you can find a way to make it a bridge. The problem is that bridge traffic is not normally presented to the IP layer. I think your private era has started. With over 16 million addresses, there is no need to save them for the future. They actually improve security, making those hosts not addressable from the internet.
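
The bridge approach suggested in the thread, as an added example that is not part of any post above: a script that prints an `iptables-restore` ruleset splitting one unsubnetted /24 between a DMZ port and a LAN port by address range. It assumes the three interfaces (hypothetical names `eth0`, `eth1`, `eth2`) are ports of one Linux bridge with `br_netfilter` loaded so bridged frames reach the FORWARD chain; the 192.0.2.x range and the open ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a bridging firewall.
# Assumptions: eth0 (WAN), eth1 (LAN), eth2 (DMZ) are ports of one bridge,
# br_netfilter is loaded with net.bridge.bridge-nf-call-iptables=1, and
# 192.0.2.0/24 is a constructed stand-in for the elided public range.

# valid_range LO-HI: dotted quads in the same /24 with 1 <= LO <= HI <= 254
valid_range() {
    case "$1" in *-*) ;; *) return 1 ;; esac
    lo=${1%-*}; hi=${1#*-}
    for ip in "$lo" "$hi"; do
        echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    done
    [ "${lo%.*}" = "${hi%.*}" ] && [ "${lo##*.}" -ge 1 ] &&
        [ "${lo##*.}" -le "${hi##*.}" ] && [ "${hi##*.}" -le 254 ]
}

# gen_rules WAN LAN DMZ LO-HI: print the ruleset, or fail on a bad range
gen_rules() {
    wan=$1; lan=$2; dmz=$3; range=$4
    valid_range "$range" || { echo "bad DMZ range: $range" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Management access to the firewall itself is out of scope (console only).
-A INPUT -i lo -j ACCEPT
# Pin addresses to ports: DMZ sources only on the DMZ port, never on LAN.
-A FORWARD -m physdev --physdev-in $dmz -m iprange ! --src-range $range -j DROP
-A FORWARD -m physdev --physdev-in $lan -m iprange --src-range $range -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Internet may reach DMZ hosts on web ports only (ports are an assumption).
-A FORWARD -m physdev --physdev-in $wan --physdev-out $dmz -m iprange --dst-range $range -p tcp -m multiport --dports 80,443 -j ACCEPT
# LAN may open connections to DMZ and Internet; DMZ only to the Internet.
-A FORWARD -m physdev --physdev-in $lan --physdev-out $dmz -j ACCEPT
-A FORWARD -m physdev --physdev-in $lan --physdev-out $wan -j ACCEPT
-A FORWARD -m physdev --physdev-in $dmz --physdev-out $wan -j ACCEPT
COMMIT
EOF
}

gen_rules eth0 eth1 eth2 192.0.2.10-192.0.2.20
```

Piping the output through `iptables-restore --test` parses the ruleset without committing it. With the default FORWARD policy of DROP, new connections from the DMZ port to the LAN port and from the WAN port to the LAN port are refused.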