
RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net



Not off track Anders - spot on.

The wonders of DHCP! Tell all the clients
about the new route and voila. I would agree
with the other post, that starting out with a
subnet of a larger class is wiser and easier
to grow into.

Or you could take the easy route and
give them another RFC1918 class.

Robert

- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice:email: [email protected]

>>> "Reed Mohn, Anders" <[email protected]> 11/30/00 6:31:03 PM >>>
>
>Uhhm..  I might be off-track here,
>but what happens to a client in
>the 10.0.0.0/8 network who wants to
>talk to someone in 10.250.1.0/24?
>
>Since any 10.0.0.0 address is assumed to
>be local, no packet ever makes it to the
>FW/router/gateway.
>
>Or..?
>
>Anders :)
>
>-----Original Message-----
>From: Christine Tran [mailto:[email protected]] 
>Sent: 30. november 2000 23:06
>To: [email protected] 
>Subject: Re: [FW1] Partition off a class C within a 10.x.x.x RFC 1918
>net
>
>From: "Greg Winkler" <[email protected]> 
>Subject: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
>
>> We use a 10.x.x.x network internally per RFC 1918. Up until today I've
>> used a network object of 10.0.0.0 with a mask of 255.0.0.0 to refer to
>> all of my internal hosts. 
>
>God I can't imagine what your arp table might look like! :)
>
>> Ideally I would have an object that included all of my
>> 10.x.x.x networks EXCEPT for 10.250.1.x. 
>
>Why not just create 2 objects:  ClassA = 10.0.0.0/8,  ClassC =
>10.250.1.0/24.
>FW1 doesn't care.  When you write your policy, make sure all the rules 
>for ClassC are on top of the rules for ClassA.  The sieve effect will deal
>with your ClassC first, anything else is implicitly !ClassC, ergo your
>ClassA rule gets it next.  At the end of your ClassC rule block explicitly
>drop stuff for your ClassC, so your ClassA rules don't "accidentally" get
>packets that didn't match your ClassC rules.
>
>For routing, the same principle applies, more specific to less specific.
>Just make sure you have routes defined for 10.0.0.0/8 (general) as well as
>10.250.10.0/24 (specific).
>
>Why is this hard?  Am I missing something really obvious?
>
>CT
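
The three points raised in this thread (top-down first-match rule order with an explicit drop closing the ClassC block, most-specific-route selection, and the on-link assumption of a client carrying a /8 mask), modelled as an added example that is not part of the original messages and is not FireWall-1 syntax. Rule names, ports, client addresses and next-hop labels are constructed for illustration.

```python
import ipaddress

CLASS_A = ipaddress.ip_network("10.0.0.0/8")
CLASS_C = ipaddress.ip_network("10.250.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed policy: (rule name, source network, dest port or None = any, action)
POLICY_WITH_CLEANUP = [
    ("classc-web", CLASS_C, 80, "accept"),
    ("classc-cleanup", CLASS_C, None, "drop"),  # explicit drop ending the ClassC block
    ("classa-web", CLASS_A, 80, "accept"),
    ("classa-ssh", CLASS_A, 22, "accept"),
    ("final-drop", ANY, None, "drop"),
]
# Same policy with the ClassC cleanup rule left out.
POLICY_NO_CLEANUP = [r for r in POLICY_WITH_CLEANUP if r[0] != "classc-cleanup"]

# Constructed routing table: general /8 route plus the more specific /24.
ROUTES = [(CLASS_A, "gw-general"), (CLASS_C, "gw-classc")]


def first_match(policy, src, dport):
    """Evaluate rules top-down and return (name, action) of the first match."""
    addr = ipaddress.ip_address(src)
    for name, net, port, action in policy:
        if addr in net and port in (None, dport):
            return name, action
    return "implicit", "drop"


def longest_prefix(routes, dst):
    """Pick the next hop of the most specific route containing dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in routes if addr in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None


def on_link(client_iface, dst):
    """True if the client treats dst as local (ARPs for it, bypassing the gateway)."""
    return ipaddress.ip_address(dst) in ipaddress.ip_interface(client_iface).network


if __name__ == "__main__":
    for label, policy in (("with cleanup", POLICY_WITH_CLEANUP),
                          ("no cleanup", POLICY_NO_CLEANUP)):
        print(label, first_match(policy, "10.250.1.7", 22))
    print("route:", longest_prefix(ROUTES, "10.250.1.7"))
    print("/8 client sees 10.250.1.7 as local:", on_link("10.1.2.3/8", "10.250.1.7"))
```

Without the cleanup rule, a ClassC host's port-22 traffic falls through to the ClassA rule, because 10.250.1.0/24 is also inside 10.0.0.0/8.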



