[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
Yup, use 172.16.0.0 or 192.168.0.0. The easy way wins. -----Original Message----- From: Greg Winkler [mailto:[email protected]] Sent: Thursday, November 30, 2000 12:32 PM To: [email protected] Subject: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net We use a 10.x.x.x network internally per RFC 1918. Up until today I've used a network object of 10.0.0.0 with a mask of 255.0.0.0 to refer to all of my internal hosts. It has been very convenient to use this in my rules, for example "internal any http accept". I now have a need to "partition off" a class C subnet from that 10.x.x.x range, for example 10.250.1.x. This class C net will become a fourth leg on a firewall, that can no longer be considered part of my "internal" network. My issue is how do I define an object or objects that will let me differentiate in my rules between my internal 10.x.x.x net and this oddball 10.250.1.x net. Ideally I would have an object that included all of my 10.x.x.x networks EXCEPT for 10.250.1.x. I've puzzled myself trying to come up with a subnetting scheme and a network object to no avail. The idea of actually creating object for my literally hundreds of internal 10.x.x.x networks is unappealing to say the least. My other option is to grab one of the other RFC 1918 nets and use this for the fourth leg. But that would be TOO easy and I wanted to see if there might be a way to do it some other fashion. ---------------------------------------------------------------------------- ------------ Greg Winkler Systems Manager, IT&S Huntsman Corporation Internet Mail: [email protected] Voice:Fax:============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|