Router+Firewall+DMZ Help needed


This topic contains 1 reply, has 0 voices, and was last updated by  brian360 10 years ago.

  • #41577

    brian360
    Member

    Hi all,

    I just got an Alix 2d3 board with three Ethernet ports to use with Zeroshell 1.0.beta11 on my network.

    We have an internet connection with a .240 subnet with usable IP addresses from, we’ll say, 1.2.3.129 – 1.2.3.142. 1.2.3.129 is the router to the internet (on the ISP’s side). This is connected to ETH01 on zeroshell.

    I’d like to configure zeroshell so that our LAN clients (192.168.0.2-200, ETH00) are behind NAT to go out IP 1.2.3.130 for internet access (zeroshell on this LAN will be 192.168.0.1).

    I’d also like to have some sort of “DMZ” on ETH02 for our public servers. I’d like the public servers to use their public IP addresses so they can be accessed from both the LAN & Internet with the same addresses. Their IP addresses would be 1.2.3.136-.142. I would also like them to be protected by firewall rules.

    We’re not interested in implementing QoS at this time, just getting the firewall & NAT set up properly.

    Here’s a little diagram:


    1.2.3.129  1.2.3.130       192.168.0.1
                        +-----+
    Internet ----- ETH01|Zero-|ETH00 ----- LAN Clients (NAT)
                        |Shell|
                        |     |
                        +-----+
                         ETH02 ----- Public Servers
                                     (Firewalled, no NAT)
                                     1.2.3.136
                                     1.2.3.137
                                     ...
                                     1.2.3.142

    I had originally tried bridging ETH01 & ETH02, and configuring NAT on the bridge, but the public servers seemed to bypass the firewall rules and their outgoing traffic seemed to be NAT’d too, which they shouldn’t be.

    Can anyone give me some ideas, or let me know if I’m insane 🙂

    Thanks!
