Small network with a single real IP
I have a few boxes at home, and I'm willing to set up a mini network.
I have only one IP address. My question is an "architecture" one.
So far, I had my firewall with nothing running but ssh2 and masquerading
the internal private network (firewall is under potato, kernel 2.2.13).
Seems to work ok.
Now, I'm willing to provide ftp and www. I'm dedicating another small box
for that. What I thought is to have the firewall forward these two services
to this ftp/www box.
Should I set up two internal private subnets (one for the ftp/www),
and one for the other computers? What kind of communication should I allow
between them, in case the www/ftp box gets broken? Is that the way to go?
Also, is it reasonable to forward ssh2 to an internal box?
Currently, when I'm outside, I log on to my firewall, and then inside.
Is one alternative safer than the other and for what reason?
Finally, should I upgrade to 2.4 to use iptables or is what I'm willing
to do going to be just fine with ipchains and ipmasqadm?
Thanks a lot.