Shorewall users - May 2005 - new to the group - need help/suggestions

Hi,

I am new to this group and I have some questions and looking for suggestions.

Our current firewall is running on a BSD system and has issues, I was
planning on implementing shorewall.  Here is how our IP network is




-----T1 Link ---Cisco ---- Firewall ----Router -----

T1 link has a dedicated IP address
and has a framerelay link with Cisco

T1 (206.11.72.1) ---- Cisco (206.11.72.2)  

and behind the Cisco I have three routable IP networks  

207.24.169.0
207.24.79.0
207.24.172.0

I have two options,  

Connect the Cisco to the firewall with 4 ethernet interfaces, use
207.24.79.1 /30 for Cisco interface and 207.24.79.2/30 for Shorewall.
The rest of the interfaces for shorewall will 207.24.79.254/24
207.24.169.254
and 
207.24.172.254 

Is this a good idea or is there better ways to connect and route these
network behind the firewall.

Please advice.

thanks

-ViJay

Vijay Krishnan wrote:
> 
> Connect the Cisco to the firewall with 4 ethernet interfaces, use
> 207.24.79.1 /30 for Cisco interface and 207.24.79.2/30 for Shorewall.
> The rest of the interfaces for shorewall will 207.24.79.254/24
> 207.24.169.254
> and 
> 207.24.172.254 
> 
> Is this a good idea or is there better ways to connect and route these
> network behind the firewall.
> 
Sounds reasonable.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key