Specifications

Now the network card (eth1) leading to the DMZ is conﬁgured. It should

be responsible for a subnet of the public IP addresses. How this subnet is

made available externally (announced) is discussed in the Kernel Runtime

Setup module.

Network type = ethernet

Device name = eth1

IP address = 80.80.80.14

Netmask = 255.255.255.248

Direction = internal

To be able to administer the private subnet in the DMZ, a virtual interface on

the same card is also set up:

Network type = ethernet

Device name = eth1:1

IP address = 192.168.8.14

Netmask = 255.255.255.248

Direction = internal

Now only the third network card, which should look after the internal net-

work, is missing. It is given the IP address 192.168.10.1:

Network type = ethernet

Device name = eth2

IP address = 192.168.10.1

Netmask = 255.255.255.0

Direction = internal

Page 4/5 of the Base Setup

The network routes for the individually conﬁgured networks are set by the

system itself. At this point, only routes that are not detected by the ﬁrewall

itself need to be added. In the case of Example, Inc., this is only a default

gateway to the router of the provider. The default gateway speciﬁes where

packets are sent that do not match the address range of a conﬁgured net-

work.

Destination = default

Gateway = 80.80.80.1

Netmask = 0.0.0.0

Interface = eth0

Page 5/5 of the Base Setup

To complete the base conﬁguration, the host name and domain name for the

ﬁrewall must be deﬁned.

52 Using the FAS