NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net



Yup, use 172.16.0.0 or 192.168.0.0. The easy way wins.

-----Original Message-----
From: Greg Winkler [mailto:[email protected]]
Sent: Thursday, November 30, 2000 12:32 PM
To: [email protected]
Subject: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net



We use a 10.x.x.x network internally per RFC 1918. Up until today I've used
a network object of 10.0.0.0 with a mask of 255.0.0.0 to refer to all of my
internal hosts. It has been very convenient to use this in my rules, for
example "internal any http accept". I now have a need to "partition off" a
class C subnet from that 10.x.x.x range, for example 10.250.1.x. This class
C net will become a fourth leg on a firewall, that can no longer be
considered part of my "internal" network.

My issue is how do I define an object or objects that will let me
differentiate in my rules between my internal 10.x.x.x net and this oddball
10.250.1.x net. Ideally I would have an object that included all of my
10.x.x.x networks EXCEPT for 10.250.1.x. I've puzzled myself trying to come
up with a subnetting scheme and a network object to no avail. The idea of
actually creating object for my literally hundreds of internal 10.x.x.x
networks is unappealing to say the least.

My other option is to grab one of the other RFC 1918 nets and use this for
the fourth leg. But that would be TOO easy and I wanted to see if there
might be a way to do it some other fashion.

----------------------------------------------------------------------------
------------

Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]
Voice:Fax:============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.