Setting up public IP inside firewall: possible? - Networking

This is a discussion on Setting up public IP inside firewall: possible? - Networking ; I have... - one computer that runs Endian Firewall (EFW) - one server that runs Linux and virtualized systems - client computers (Linux, Mac and Windows) on the rest of my network I want to... - use EFW at the ...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Setting up public IP inside firewall: possible?

  1. Setting up public IP inside firewall: possible?

    I have...
    - one computer that runs Endian Firewall (EFW)
    - one server that runs Linux and virtualized systems
    - client computers (Linux, Mac and Windows) on the rest of my network

    I want to...
    - use EFW at the edge of my network for its monitoring features and
    its easy to setup VPN
    - make my Linux server publicly accessible

    My ISP gives me one (1) static IP address on my cable modem; I can get
    more addresses if I pay more (20$/month). I would like, if possible,
    to give the Linux server its own IP address and still be able to
    monitor it with EFW.

    The simple setup would be to connect the Linux server and the EFW to a
    switch connected to the cable modem. However, that setup would NOT
    allow me to monitor traffic to the server with EFW.

    The ideal setup would be to route the traffic through EFW, to a kind
    of DMZ; is that possible?

    Thanks,
    Max


  2. Re: Setting up public IP inside firewall: possible?

    UPDATE:

    Am I on the right track if I assume you can bridge two NICs together to
    accomplish a transparent DMZ for the server?

    Thanks,
    Max

    P.S.: A diagram of the network will follow in another message.



    On 2007-09-05 20:59:02 -0400, Max said:

    > I have...
    > - one computer that runs Endian Firewall (EFW)
    > - one server that runs Linux and virtualized systems
    > - client computers (Linux, Mac and Windows) on the rest of my network
    >
    > I want to...
    > - use EFW at the edge of my network for its monitoring features and
    > its easy to setup VPN
    > - make my Linux server publicly accessible
    >
    > My ISP gives me one (1) static IP address on my cable modem; I can get
    > more addresses if I pay more (20$/month). I would like, if possible,
    > to give the Linux server its own IP address and still be able to
    > monitor it with EFW.
    >
    > The simple setup would be to connect the Linux server and the EFW to a
    > switch connected to the cable modem. However, that setup would NOT
    > allow me to monitor traffic to the server with EFW.
    >
    > The ideal setup would be to route the traffic through EFW, to a kind
    > of DMZ; is that possible?
    >
    > Thanks,
    > Max





  3. Re: Setting up public IP inside firewall: possible?

    It seems the attachment did not get through!

    Here is a convinient link to the diagram:
    http://picasaweb.google.com/Maxime.P...28243122866082

    Cheers,
    Max

    On 2007-09-06 21:14:08 -0400, Max Plante
    said:

    > UPDATE:
    >
    > Am I on the right track if I assume you can bridge two NICs together to
    > accomplish a transparent DMZ for the server?
    >
    > Thanks,
    > Max
    >
    > P.S.: A diagram of the network will follow in another message.
    >
    >
    >
    > On 2007-09-05 20:59:02 -0400, Max said:
    >
    >> I have...
    >> - one computer that runs Endian Firewall (EFW)
    >> - one server that runs Linux and virtualized systems
    >> - client computers (Linux, Mac and Windows) on the rest of my network
    >>
    >> I want to...
    >> - use EFW at the edge of my network for its monitoring features and
    >> its easy to setup VPN
    >> - make my Linux server publicly accessible
    >>
    >> My ISP gives me one (1) static IP address on my cable modem; I can get
    >> more addresses if I pay more (20$/month). I would like, if possible,
    >> to give the Linux server its own IP address and still be able to
    >> monitor it with EFW.
    >>
    >> The simple setup would be to connect the Linux server and the EFW to a
    >> switch connected to the cable modem. However, that setup would NOT
    >> allow me to monitor traffic to the server with EFW.
    >>
    >> The ideal setup would be to route the traffic through EFW, to a kind
    >> of DMZ; is that possible?
    >>
    >> Thanks,
    >> Max





  4. Re: Setting up public IP inside firewall: possible?

    Hello,

    Max Plante a écrit :
    >
    > Am I on the right track if I assume you can bridge two NICs together to
    > accomplish a transparent DMZ for the server?


    Yes, this is one possible solution. What kind of monitoring are you doing ?

  5. Re: Setting up public IP inside firewall: possible?

    On Sep 7, 10:44 am, Pascal Hambourg
    wrote:
    > Hello,
    >
    > Max Plante a écrit :
    >
    >
    >
    > > Am I on the right track if I assume you can bridge two NICs together to
    > > accomplish a transparent DMZ for the server?

    >
    > Yes, this is one possible solution. What kind of monitoring are you doing?


    Basically, I like Endian Firewall (EFW)'s ntop monitoring web
    interface, which shows very detailed per-protocol traffic stats. There
    is also interesting intrusion detection (snort) and the traffic
    shaping features.

    This could also be done with m0n0wall I believe (can anyone confirm?),
    but I have no experience with it. Anyway, I'd rather use a firewall
    distribution than setup a custom Linux or BSD solution, since the
    former is quicker to setup and upgrade.

    I have found this concise documentation about m0n0wall:
    http://doc.m0n0.ch/handbook/examples...ed-bridge.html

    Does anyone know if that solution is adequate if:
    1) the ISP hands out IP addresses without a netmask?
    2) I use Endian Firewall? If so, how?

    Thanks,
    Max


+ Reply to Thread