[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Multi port firewall

Hi there

I already have a firewall/router being used at the entry point to my DSL home network.

I now need to repeat the process for a small office.

The fun comes with the fact that we will have some internet visible boxes also located in this office. Best practice would be to have two firewall boxes one from the WAN (internet) to the DMZ and the other from the DMZ to the office LAN. However this isn't practical for our needs (budget / space / power), so we intend to run just the one firewall/router machine with eth0 to WAN, eth1 to DMZ and eth2 to LAN. This will also allow me to shape all traffic to and from the internet (not just to and from My LAN)

eth0 and eth1 will therefore share the same subnet. How do I configure my firewall/router to route to these boxes correctly?

for example (Fake address)

WAN (    eth0
DMZ (    eth1 (Other servers to be internet visible -
               on this port)
LAN ( eth2 (NAT)

Yes I could do address translation for all boxes in the DMZ (i.e. transpose all internet addresses to a local address i.e. - but I really don't want to do this if possible (the network is likely to become a lot more complicated later and this would just confuse matters)

Any suggestions?


Reply to: