I just got an Alix 2d3 board with three ethernet ports to use with Zeroshell 1.0.beta11 on my network.
We have an internet connection with a .240 subnet with usable IP addresses from, we’ll say, 188.8.131.52 – 184.108.40.206. 220.127.116.11 is the router to the internet (on the ISP’s side). This is connected to ETH01 on zeroshell.
I’d like to configure zeroshell so that our LAN clients (192.168.0.2-200, ETH00) are behind NAT to go out IP 18.104.22.168 for internet access (zeroshell on this LAN will be 192.168.0.1).
I’d also like to have some sort of “DMZ” on ETH02 for our public servers. I’d like the public servers to use their public IP addresses so they can be accessed from both the LAN & Internet with the same addresses. Their IP addresses would be 22.214.171.124-.142. I would also like them to be protected by firewall rules.
We’re not interested in implementing QoS at this time, just getting the firwall & NAT set up properly.
Here’s a little diagram:
126.96.36.199 188.8.131.52 192.168.0.1
+ LAN Clients (NAT)
+ Public Servers
ETH02 (Firewalled, no NAT)
I had originally tried bridging ETH01 & ETH02, and configuring NAT on the bridge, but the public servers seemed to bypass the firewall rules and their outgoing traffic seemed to be NAT’d too, which they shouldn’t be.
Can anyone give me some ideas, or let me know if I’m insane 🙂