quote:
Originally posted by tom:
hi sds,
#1: there is one DEFAULT gateway (this is quite normal). You can of course have other gateways by adding static routes later.
[ 31 July 2001: Message edited by: tom ]
quote:
Originally posted by sakshale:
All your internal systems will reside on an internal network using whatever IP numbers you chose. They will have the Internal IP number, say 10.20.30.1, for the firewall system as their default gateway.
In other words, if PC 10.20.30.41 wants to talk to a system that is not on your 10.20.30.0 network, it needs to talk to the firewall box and ask it to forward its traffic. So, its default gateway would be set to 10.20.30.1.
The firewall system, on the other hand, needs to know how to talk to the internet, so its external IP number needs to be the one your ISP assigns and its default route also needs to be the one assigned by your ISP. It will accept traffic from your internal boxes and send it to the outside world.
Sakshale
quote:
After finishing the installation, I tried to define the network for my eth1, I enter my external IP, netmask and it complains that my netmask (255.255.254.0) doesn't make sense for the external IP I just assigned even though that is the correct value for our external network. What should I do?
quote:
Originally posted by Ørjan Sandland:
Larry,
I have never used the suggested default gateway in the installation.
Remember - there is only ONE default gateway on your system, and it's irrelevant whether it's configured at the same time as your internal nic or not.
You don't have to do this right during install though, as the only problem if it's not set properly, is that your box can't find the rest of the world.
You then need to connect to the admin interface and set the default gateway.
Ok, to give an exact answer to this, I would have to know the exact IP-address of your gateway, your ext-ip and the proper subnet mask.
BUT - some valid assumptions may work too.
You mention ip 202.199.199.1 as a possible default gateway, and this is a class C IP-address.
You also mention a netmask of 255.255.254.0
This is not a standard class C netmask. A standard class C netmask has 255.255.255.0, or even 255.255.255.128 (or however you'd like to divide this subnet).
If the default gateway ip is correct for the first octet, and the netmask you've given is correct - you are on a network which is supernetted (as opposed to subnetted)
Supernetting is, if my memory doesn't fail me completely, a way to take several class C networks transforming them into a network with more hosts on it. I have not seen this in a long time, but of course it is still possible.
The big Q now - is whether ASL supports supernetting!!
The reason why ASL complains that the netmask doesn't make sense for the external IP you've assigned, is PROBABLY that the ip-address and netmask is matched against the classtype netmask and possible, allowed subnet alternatives.
I don't know the logic behind ASL, so others will have to shoot or cheer me here :-)
I have also used floppyfw, Mandrake SNF, as well as Smoothwall, ClarkConnect and others, and quite frankly - ASL is way way ahead of them all in most aspects that a business will expect of a professional firewall.
I hope you get it working, and I hope some of the techies have an opinion on my thoughts on the supernetting issue.
Best regards,
Ørjan Sandland
[ 28 August 2001: Message edited by: Ørjan Sandland ]
