I have been studying Tom's configuration at:
http://www.shorewall.net/myfiles.htm -and-
http://www.shorewall.net/NAT.htm
I am using SBC as an ISP and also have 5 "real" IP addresses and because
of other issues, have to re-do my set-up. If I have a block at .120/29
assigned to me, what SBC does is give you 5 usable addresses, in my case
.121 is the SBC modem/router and I can use .122 to .126. And yes - I got
reverse authority from SBC, but that's why I'm re-doing the layout...
If I want separate mail and web computers in a dmz and my local network is
a configuration such as:
eth0 .122 connected to the .121 modem/router
eth1 192 subnet to my local network
eth2 10 subnet to webserver (one-to-one NAT for .123)
eth3 10 subnet to mail server (one-to-one NAT for .124)
eth4 10 subnet for future use (one-to-one NAT for .125)
eth5 10 subnet for future use (one-to-one NAT for .126)
Or does the purpose of one-to-one NAT let me use eth2 into a switch or
hub and then to the other computers ? (thereby eliminating the need for
eth3, eth4, and eth5 - AND, the bit PLUS allow separate computers, i.e.
10.x.x.123, 10.x.x.124, etc. to act as if they were those addresses)
OT question - What does Tom use to make the cool network diagrams ?
- Bill
Sufficiently talented fool