Sign in with
Sign up | Sign in
Your question

Firewall-Router Gateway questions

Last response: in Networking
Share
Anonymous
August 18, 2005 5:01:41 PM

Archived from groups: comp.security.firewalls (More info?)

I have a standard setup with a T1 coming into a router which is
connected to a firewall and then to a private network. The router has
a default gateway and the firewall has a default gateway. The
router's gateway points to the Internet but I'm not sure about the
firewall's gateway - should it point to the internal router
connection, the external router connection or the Internet?

Additionally, when I set up DHCP, should I set it to the firewall's
gateway or the router's?
August 18, 2005 5:16:57 PM

Archived from groups: comp.security.firewalls (More info?)

Hi Steve -

On Thu, 18 Aug 2005 13:01:41 -0400, Steve Gross <sgross@jesna.org>
wrote:

>I have a standard setup with a T1 coming into a router which is
>connected to a firewall and then to a private network. The router has
>a default gateway and the firewall has a default gateway. The
>router's gateway points to the Internet but I'm not sure about the
>firewall's gateway - should it point to the internal router
>connection, the external router connection or the Internet?
>
>Additionally, when I set up DHCP, should I set it to the firewall's
>gateway or the router's?

It is not completely clear from your first sentence if the network is
connected to the firewall, router, or both.

Assuming that the private network is connected solely to the internal
side of the firewall, and the external side of the firewall is
connected solely to the internal side of the router ...

The firewall's gateway address should be the internal IP address of
the router.

The gateway address of the devices on the private network should be
the internal IP address of the firewall.
--
Ken
http://www.ke9nr.net/
Anonymous
August 18, 2005 10:52:15 PM

Archived from groups: comp.security.firewalls (More info?)

In article <4hf9g1hoh3r4bf0mhph2uh14q1qpa5n1kf@4ax.com>,
sgross@jesna.org says...
> I have a standard setup with a T1 coming into a router which is
> connected to a firewall and then to a private network. The router has
> a default gateway and the firewall has a default gateway. The
> router's gateway points to the Internet but I'm not sure about the
> firewall's gateway - should it point to the internal router
> connection, the external router connection or the Internet?

Since you have a T1, they come with a very good support group, please
ask them. In most cases your T1 provider already provided you with your
IP range, mask and default gateway address - this is the information you
enter into the Firewall.

> Additionally, when I set up DHCP, should I set it to the firewall's
> gateway or the router's?

If you have an internal network that has a Server/Domain you don't want
to have the firewall do DHCP as the server should be doing it and also
acting as the DNS with forwarding through the firewall to the ISP.

Is your network Windows based?

Do you have a domain (meaning are your computers setup in client/server
mode or is everything just a workgroup)?


--

spam999free@rrohio.com
remove 999 in order to email me
Related resources
Anonymous
August 19, 2005 1:45:24 AM

Archived from groups: comp.security.firewalls (More info?)

Steve Gross wrote:

> I have a standard setup with a T1 coming into a router which is
> connected to a firewall and then to a private network. The router has
> a default gateway and the firewall has a default gateway. The
> router's gateway points to the Internet but I'm not sure about the
> firewall's gateway - should it point to the internal router
> connection, the external router connection or the Internet?

The default gateway is always the gateway in the same subnet, that every
packet is sent to that can't be reached within the particular subnet.

Example: ISP uses aaa.bbb.ccc.0/30 as the transfer network and provides
aaa.bbb.ccc.8/29 for your DMZ. THere are two servers in your DMZ and your
firewall:

I'll try some ASCII art ...

router_at_the_isp
| IP aaa.bbb.ccc.001/30
|
| ext. IP aaa.bbb.ccc.002/30
router_from_isp
| dmz IP aaa.bbb.ccc.009/29
|
+---- dmz server_1 aaa.bbb.ccc.010/29
|
+-----dmz server_2 aaa.bbb.ccc.011/29
|
|
|
| dmz. IP aaa.bbb.ccc.012/29
firewall
| int. IP 192.168.0.254/24
|
|
+----Clients IP 192.168.0.xyz/24

On the Clients set the default Gateway to 192.168.0.254
On the firewall and on the dmz Servers set the default Gateway to
aaa.bbb.ccc.009

> Additionally, when I set up DHCP, should I set it to the firewall's
> gateway or the router's?

You can use the router but than you need a host route on each client
pointing to the router via the firewall. I'd not do that but use the
firewall instead. ;-)

Wolfgang
August 19, 2005 5:08:44 AM

Archived from groups: comp.security.firewalls (More info?)

Sorry for my pop into the discussion but i was reading it and it looked
somewhat strange to me.

Isn't the router supposed to have an embedded hardware firewall as an
application running on itself exactly as it has NAT running also?

Why having a software firewall runninh on a localhost by itself?
!