RE: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net
Why not just subnet?

  #   ID            Range                           Broadcast
  0   10.0.0.0      10.0.0.1   - 10.63.255.254      10.63.255.255
  1   10.64.0.0     10.64.0.1  - 10.127.255.254     10.127.255.255
  2   10.128.0.0    10.128.0.1 - 10.191.255.254     10.191.255.255
  3   10.192.0.0    10.192.0.1 - 10.255.255.254     10.255.255.255

Well, if your subnet mask is 255.192.0.0 for your network, you can have 4 subnets. As long as your normal network fits in the first subnet (4194302 hosts), then you can just do that. Your "10.250.1.0" would fit in the last subnet and you can write the rules based on that. Your firewall and all devices should support whatever subnetting you want to use.

You could also just pop the network into 2 pieces (though I find that very limiting). Or, yep, just use one of those other 2 "private" address ranges.

Hope that helps.

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Greg Winkler
Sent: Thursday, November 30, 2000 3:32 PM
To: [email protected]
Subject: [FW1] Partition off a class C within a 10.x.x.x RFC 1918 net

We use a 10.x.x.x network internally per RFC 1918. Up until today I've used a network object of 10.0.0.0 with a mask of 255.0.0.0 to refer to all of my internal hosts. It has been very convenient to use this in my rules, for example "internal any http accept".

I now have a need to "partition off" a class C subnet from that 10.x.x.x range, for example 10.250.1.x. This class C net will become a fourth leg on a firewall, that can no longer be considered part of my "internal" network.

My issue is how do I define an object or objects that will let me differentiate in my rules between my internal 10.x.x.x net and this oddball 10.250.1.x net. Ideally I would have an object that included all of my 10.x.x.x networks EXCEPT for 10.250.1.x. I've puzzled myself trying to come up with a subnetting scheme and a network object to no avail. The idea of actually creating objects for my literally hundreds of internal 10.x.x.x networks is unappealing to say the least.

My other option is to grab one of the other RFC 1918 nets and use this for the fourth leg. But that would be TOO easy and I wanted to see if there might be a way to do it in some other fashion.

----------------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [email protected]

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
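The "all of 10.x.x.x EXCEPT 10.250.1.x" object Greg asks for, and the 255.192.0.0 split the reply proposes, worked out as an added example (not from either poster, and not Check Point's object model): the exclusion of a /24 from a /8 always collapses to 16 CIDR blocks, which can be loaded into a group object instead of hundreds of individual networks. Addresses used for the checks are the ones quoted in the thread.

```python
import ipaddress


def internal_except(internal: str, carve_out: str) -> list[str]:
    """Minimal set of CIDR blocks covering `internal` with `carve_out` removed.

    Splitting a /8 around a single /24 yields one block per prefix length
    from /9 down to /24, i.e. 16 objects for a firewall group.
    """
    base = ipaddress.ip_network(internal)
    hole = ipaddress.ip_network(carve_out)
    # address_exclude raises ValueError if the hole is not inside the base.
    return [str(n) for n in sorted(base.address_exclude(hole))]


def is_internal(addr: str, blocks: list[str]) -> bool:
    """Would a packet from `addr` match a rule whose source is this group?"""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(b) for b in blocks)


def subnet_table(parent: str = "10.0.0.0/8",
                 mask: str = "255.192.0.0") -> list[tuple]:
    """Rows of (id, network, first host, last host, broadcast, host count)
    for `parent` split with `mask`; reproduces the table in the reply."""
    prefix = ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen
    rows = []
    for i, sn in enumerate(ipaddress.ip_network(parent).subnets(new_prefix=prefix)):
        # Arithmetic on the endpoints only; never enumerate 4M hosts.
        rows.append((i, str(sn.network_address), str(sn.network_address + 1),
                     str(sn.broadcast_address - 1), str(sn.broadcast_address),
                     sn.num_addresses - 2))
    return rows


if __name__ == "__main__":
    group = internal_except("10.0.0.0/8", "10.250.1.0/24")
    print(f"{len(group)} blocks:", ", ".join(group))
    for row in subnet_table():
        print(row)
```

The sum of the 16 blocks' sizes is exactly 2^24 - 256 addresses, so the group and the fourth-leg /24 partition 10/8 with no overlap and no gap.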