Multi port firewall
I already have a firewall/router being used at the entry point to my DSL
I now need to repeat the process for a small office.
The fun comes with the fact that we will have some internet visible
boxes also located in this office. Best practice would be to have two
firewall boxes one from the WAN (internet) to the DMZ and the other from
the DMZ to the office LAN. However this isn't practical for our needs
(budget / space / power), so we intend to run just the one
firewall/router machine with eth0 to WAN, eth1 to DMZ and eth2 to LAN.
This will also allow me to shape all traffic to and from the internet
(not just to and from My LAN)
eth0 and eth1 will therefore share the same subnet. How do I configure
my firewall/router to route to these boxes correctly?
for example (Fake address)
WAN (188.8.131.52) eth0
DMZ (184.108.40.206) eth1 (Other servers to be internet visible 220.127.116.11 -
18.104.22.168 on this port)
LAN (192.168.1.1) eth2 (NAT)
Yes I could do address translation for all boxes in the DMZ (i.e.
transpose all internet addresses to a local address i.e. 192.168.2.3 -
192.168.2.15) but I really don't want to do this if possible (the
network is likely to become a lot more complicated later and this would
just confuse matters)