 From:  "Chris James" <lists at chrisjames dot me dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  m0n0 in datacentre environment
 Date:  Fri, 28 Jan 2005 11:50:16 +0000
Hello to the list!

I would like to use m0n0wall to protect 3 servers going into a
datacentre. I have picked up a 12 port network appliance with a 1.2GHz
Celeron, 256MB RAM and CF IDE. Rack space is at a premium, so I would
like to use the bridging capability of m0n0wall to use this system like
a combined managed switch / firewall appliance.

I am getting a small allocation (8 addresses) from my ISP on their
subnet.

I want these IPs to be bridged, but I'd also like a NATTED private
network, so that I can lock down the public IP addresses and then use
IPSEC to connect in and do sysadmin work.

This is the configuration I think I would use. Each server has two
network cards - hence the two connections.

WAN -> isp
LAN -> nothing (spare for admin laptop)
OPT1 (bridged with LAN) -> server1 private
OPT2 (bridged with LAN) -> server2 private
OPT3 (bridged with LAN) -> server3 private
OPT4 (bridged with WAN) -> server1 public
OPT5 (bridged with WAN) -> server2 public
OPT6 (bridged with WAN) -> server2 public

This uses 8 of the 12 ports.
I would proxyarp the three IPs on the OPT4/5/6 to the WAN interface.

Will this work as I expect it to? (I'm pretty new to all this :)

Cheers, I love the look of m0n0 btw.
Chris.

P.S. I would have tried it out already - except the 12 port appliance
hasn't arrived yet. Just would like to get a head start on anything I
should be aware of from the experts!
-- 
  Chris James
  http://www.chrisjames.me.uk