

Firewall configuration

By EngEhab
Dear all,
I have a network with Class C real IPs. I want to keep the real IPs in the network and protect it using the Symantec security gateway firewall.
My question is how to configure the internal and external NICs.

The external will be a real IP and the GW is the router of the ISP.
Now, how do I configure the internal IP and keep the network using the real IP?

by LordInfidel In reply to Firewall configuration

What happens is that your ISP will give you several things.

1. An IP address from their network, you put that on the external IF of your router. (let's call it

2. Then they give you your address range, which in your case is a class C. We know it's public, but for this example I will use

Next comes the tricky part: what IPs to assign where. The problem comes in because you want to shape all traffic, making sure that it all passes through your firewall.

If you just assign the near side of your router an IP from your public range, then nothing is stopping your users from bypassing your firewall.

So typically the way this will work is that on the far side of your router you put the ISP's address from their network.

On the internal IF of your router you put a private IP address. Let's say .

On your firewall's external IF you put an IP address of and you say that its default route out is . Now this is important: use a crossover cable to connect the two, the internal IF of the router and the external IF of the firewall.

Now on your firewall you have a second NIC. This is where your public address range goes. You assign it an IP of , you connect it to a switch, and your users also connect to the switch fabric, and set their gateway to

Here's the tricky part. How does your router know how to get to your public network? Easy. On your router you add a route to the network by saying to get to that network use Because your internal IF is connected to the network, it will be able to get to the public network.

The reason this works is because your ISP is publishing a route that says to get to the network use

That is all the external world needs to know, your static routes take care of the rest.

And that's how it is done.
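Added example, not part of LordInfidel's reply: a small Python check of an addressing plan against the design described above (private transit link between router and firewall, public range only behind the firewall, static route on the router). The addresses in the thread are missing, so every address and key name below is a constructed placeholder from documentation and private ranges.

```python
import ipaddress as ip

# Constructed addressing plan (documentation/private ranges, not from the thread).
PLAN = {
    "public_net": "198.51.100.0/24",   # stands in for the ISP-assigned class C
    "router_wan": "203.0.113.2/30",    # address from the ISP's own network
    "router_lan": "10.0.0.1/30",       # private transit link to the firewall
    "fw_outside": "10.0.0.2/30",
    "fw_default_gw": "10.0.0.1",
    "fw_inside": "198.51.100.1/24",
    "router_routes": {"198.51.100.0/24": "10.0.0.2"},  # destination -> next hop
    "host_gateway": "198.51.100.1",
}

def check_plan(p):
    """Return a list of findings; an empty list means the plan matches the design."""
    findings = []
    public = ip.ip_network(p["public_net"])
    r_lan = ip.ip_interface(p["router_lan"])
    fw_out = ip.ip_interface(p["fw_outside"])
    fw_in = ip.ip_interface(p["fw_inside"])

    # A router interface inside the public range gives hosts a path around the firewall.
    if r_lan.ip in public:
        findings.append("router inside IF is in the public range: hosts can bypass the firewall")
    if r_lan.network != fw_out.network:
        findings.append("router inside IF and firewall outside IF are not on the same transit subnet")
    if ip.ip_address(p["fw_default_gw"]) != r_lan.ip:
        findings.append("firewall default route does not point at the router inside IF")
    if fw_in.network != public:
        findings.append("firewall inside IF is not on the public network")
    # Without this static route, return traffic for the public range never reaches the firewall.
    next_hop = p["router_routes"].get(str(public))
    if next_hop is None or ip.ip_address(next_hop) != fw_out.ip:
        findings.append("router lacks a static route to the public network via the firewall")
    if ip.ip_address(p["host_gateway"]) != fw_in.ip:
        findings.append("hosts do not use the firewall inside IF as gateway")
    return findings

if __name__ == "__main__":
    for line in check_plan(PLAN) or ["plan OK"]:
        print(line)
```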
