On Thu, 31 Mar 2005 12:29:25 -0500, James W. McKeand <james at mckeand dot biz> wrote:
>
> This is how I would do it:
> 1. Put your OPT on a totally different Subnet (I use 192.168.x.x for
> LAN and 172.16.x.x for OPT) - no bridging on OPT interface... Just for
> clarity and to avoid fat fingers... 192.168.x.x and 192.169.x.x are
> simple to get crossed...
>
Not to mention 192.169-170.x.x is a valid public IP range that could
be assigned some day that you then wouldn't be able to access if you
needed to. :)
I would keep the subnets close together though, for the sake of
possibility of range CIDR summarization for firewall rules and other
purposes. It does make things more clear sometimes to use such
drastically different subnets, but using contiguous ones can make
firewall rule writing a whole lot easier (if you have numerous
subnets). Like if you use 192.168.0.0/24, 192.168.1.0/24,
192.168.2.0/24, and 192.168.3.0/24, you can summarize all of those
with 192.168.0.0/22 for firewall rule and routing protocol purposes.
For small networks that'll never need to be big or complex, it's
probably not much of a concern though.
-Chris
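
The summarization described in the message above, as an added Python example that is not part of the original thread. It uses the standard `ipaddress` module; the function names and the sample subnet lists are constructed for illustration. It also shows the case where subnets are contiguous but not aligned, so a single covering block would match addresses that were never assigned.

```python
import ipaddress

def summarize(subnets):
    """Minimal list of CIDR blocks covering exactly the given subnets."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def covering_supernet(subnets):
    """Smallest single block containing every subnet, and how many
    addresses in that block were NOT in the input (rule over-reach)."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    block = nets[0]
    # Widen one prefix bit at a time until every subnet fits inside.
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(block), block.num_addresses - covered

def not_private(subnets):
    """Subnets that fall outside reserved private space (e.g. 192.169.x.x)."""
    return [s for s in subnets if not ipaddress.ip_network(s).is_private]

if __name__ == "__main__":
    # Constructed sample inputs.
    aligned = ["192.168.0.0/24", "192.168.1.0/24",
               "192.168.2.0/24", "192.168.3.0/24"]
    shifted = ["192.168.1.0/24", "192.168.2.0/24",
               "192.168.3.0/24", "192.168.4.0/24"]
    split = ["192.168.1.0/24", "172.16.1.0/24"]
    for name, nets in (("aligned", aligned), ("shifted", shifted), ("split", split)):
        block, extra = covering_supernet(nets)
        print(name, summarize(nets), "single block:", block, "extra addrs:", extra)
    print("not private:", not_private(["192.168.0.0/16", "192.169.0.0/16"]))
```

A non-zero "extra addrs" value means a single-block firewall rule would also match address space outside the listed subnets, so the exact list from `summarize` is the safer rule source.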