2 NICs, same subnet for a 'gateway' that won't block traffic from 'outside' NIC

From: freat (rsenykoff_at_harrislogic.com)
Date: 02/27/04


Date: 26 Feb 2004 15:06:32 -0800

Here's my problem:

I need to implement QoS for our servers so that the office can handle
video conferencing (currently video conferencing locks up when
replications start, etc.). QoS will work wonderfully for this, but the
issue is that we've invested in hardware firewalls / VPN and these
need to handle the external connection. If I simply put in a Linux
router behind the VPN appliance, then I'm preventing VPN access to all
the machines on the network behind the Linux router.

One option I was thinking of: if the Linux box could have 2 NICs and
function as a gateway, then I could point everyone at the gateway to
get out, and it would then talk to the VPN appliance. Let's try a
diagram:

          Internet
             |
             |
           -----
           |VPN|
           -----
             |
          --------
  PC------|SWITCH|-------PC
          --------
             ||
          ---------
          | LINUX |
          |  QoS  |
          ---------
          
Another thought... can the router be configured to let traffic through
to the other side? Would strange routes have to be set up for people
coming in from the VPN, or just on the VPN box? This would be ideal as
anything coming in would have to go through the QoS box, so the
outgoing traffic would then be shaped.

Something like this:

          Internet
             |
             |
           -----
           |VPN|
           -----
             |
          ---------
          | LINUX |
          |  QoS  |
          ---------
             |
          --------
  PC------|SWITCH|-------PC
          --------

I hope these diagrams help. I hope I don't get too many responses like
"MAKE YOUR FIREWALL LINUX!!" and the like... it simply is not an
option. ;)

TIA! -Ron


