Re: Is this a wise configuration?
- From: Captain Dondo <yan@xxxxxxxxxxxxxxxx>
- Date: Fri, 28 Apr 2006 15:41:39 -0700
None wrote:
Here is my plan:
Configure the DSL router to forward the ports needed for the various servers to a single computer. This computer acts as a firewall between the two network zones. The firewall examines the destination port on incoming packets, and based on that, DNATs the address to the appropriate physical server. (For example, redirect all packets destined to port 80 to 10.0.0.2, and all packets destined for port 21 to 10.0.0.3).
Also, in order to facilitate the "zone separation", this firewall will drop all packets coming from the "server zone", destined to the private LAN, and vice versa.
I will also configure the firewall to SNAT all packets coming from the "server zone", destined to the internet, with the private LAN IP address of the firewall.
Hopefully, this will behave as expected.
What you're describing is basically a DMZ. Look that up in any firewalling HOWTO.
You may also be able to set up your router as a bridge, and then set up your own firewall behind that.
My DSL is set up so that my DSL modem has one IP, and then my firewall has another routable IP on its external interface, but others may be set up so that the modem doesn't have an IP address at all and simply acts as a bridge... It all depends on the setup the ISP is using...
--Yan
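
The plan quoted above, written out as iptables rules; this is an added example, not part of the original thread. Interface names, the firewall's LAN address and both subnets are assumptions; only the port-to-server mapping (80 to 10.0.0.2, 21 to 10.0.0.3) comes from the post.

```shell
#!/bin/sh
# Added example: the DMZ plan from the post as iptables rules.
# Dry run by default (prints the commands); run as root with IPT=iptables to apply.
IPT=${IPT:-echo iptables}

LAN_IF=${LAN_IF:-eth0}               # assumed: interface on the private LAN (DSL router side)
DMZ_IF=${DMZ_IF:-eth1}               # assumed: interface on the server zone
FW_LAN_IP=${FW_LAN_IP:-192.168.1.2}  # assumed: firewall's private-LAN address
LAN_NET=${LAN_NET:-192.168.1.0/24}   # assumed: private LAN subnet
DMZ_NET=${DMZ_NET:-10.0.0.0/24}      # assumed: server zone subnet
FORWARDS="80:10.0.0.2 21:10.0.0.3"   # port:server pairs from the post

dmz_rules() {
    # Default-deny forwarding; only what is listed below crosses the firewall.
    $IPT -P FORWARD DROP

    # Zone separation in both directions, checked before anything is accepted.
    $IPT -A FORWARD -i "$DMZ_IF" -d "$LAN_NET" -j DROP
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$DMZ_IF" -j DROP

    # Replies to connections that were already allowed.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    for pair in $FORWARDS; do
        port=${pair%%:*}
        server=${pair#*:}
        # Packets the DSL router forwarded to the firewall: rewrite the destination...
        $IPT -t nat -A PREROUTING -i "$LAN_IF" -d "$FW_LAN_IP" -p tcp --dport "$port" \
            -j DNAT --to-destination "$server"
        # ...and admit only that port on that server.
        $IPT -A FORWARD -i "$LAN_IF" -o "$DMZ_IF" -d "$server" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done

    # Server-initiated traffic to the internet leaves with the firewall's LAN address.
    $IPT -A FORWARD -i "$DMZ_IF" -o "$LAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$DMZ_NET" -o "$LAN_IF" -j SNAT --to-source "$FW_LAN_IP"
}

dmz_rules
```

The port 21 rule covers only the FTP control channel; data connections match RELATED only when the kernel's FTP connection-tracking and NAT helpers (nf_conntrack_ftp, nf_nat_ftp) are loaded. IP forwarding must also be enabled on the firewall for any of the FORWARD rules to matter.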