 From:  "PF: m0n0wall" <m0n0wall at in dash genius dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Weird idea: is it possible?
 Date:  Wed, 13 Jul 2005 08:15:06 -0700
I have a client that needs some additional bandwidth, so I am considering
having Comcast cable installed.

I have been brainstorming a way to make the two internet connections
play well together without buying expensive equipment.

I am not looking for failover or direct usage of both internet
connections. 

Their current internet is a 400K bi-directional fractional T1.  They have
a /29 subnet.

Picture this m0n0wall configuration:

The Comcast cable (DHCP) is connected to the "WAN" port.

The LAN is connected to the "LAN" port. DHCP, DNS, etc. are handled by Wintel
machines.  LAN machines would use this as their gateway.

Now comes the weird idea... (it might be hard to visualize)

They have a DMZ zone on their /29 subnet that is protected by a
Netscreen firewall in layer 2 transparent mode. There are a couple
machines using static IPs for things like web serving and SMTP relay.

My idea is to pretty much eliminate the usage of the 400K connection for
LAN use. It will be reserved for web, SMTP and remote access (RDP)
usage.

What if I connected the m0n0wall "OPT1" interface to their /29 using a
static IP and used NAT to forward some ports (like SMTP) on that
interface to LAN-based machines?

Does anyone know if this will work?  Will connections from the internet
to the /29 IP on m0n0wall actually route correctly?

Will the SMTP server in the LAN be able to send mail directly to the
SMTP relay in the DMZ (opt1) without going out through Comcast?  Will
the SMTP relay in the DMZ be able to send mail directly to the opt1
interface and have it go to the LAN server?  Will inbound RDP
connections through OPT1 from the internet route correctly to the LAN
machines?

Any help would be appreciated.

-Kevin
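The routing questions in the post can be checked against a small model of the three-interface layout (WAN = Comcast DHCP, LAN, OPT1 = a static IP on the /29). The Python below is an added example, not part of the original message and not m0n0wall's own code: it is a generic stateful NAT router doing longest-prefix routing, with an optional policy knob (`reply_to_ingress`, modelled on the "send the reply back out the interface it arrived on" behaviour that some firewalls offer, and assumed here rather than taken from m0n0wall) so the two possible outcomes can be compared. All addresses are constructed from the RFC 5737 documentation ranges: the /29 is 198.51.100.8/29 with the T1 router at .9, the m0n0wall OPT1 address at .10 and the DMZ SMTP relay at .11; the Comcast side is 203.0.113.45/24 with gateway .1; the LAN is 192.168.1.0/24.

```python
"""Routing model for the WAN / LAN / OPT1 m0n0wall idea in the post.

Added example with constructed addresses (RFC 5737 ranges); a generic
stateful NAT router, not m0n0wall's implementation.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    iface: str
    gateway: Optional[IPv4Address]  # None means the prefix is directly connected


class Router:
    def __init__(self, routes, iface_gateways, port_forwards, reply_to_ingress=False):
        self.routes = routes
        self.iface_gateways = iface_gateways  # upstream router per interface
        self.port_forwards = port_forwards    # (public ip, port) -> (inside ip, port)
        self.reply_to_ingress = reply_to_ingress  # hypothetical policy switch, see lead-in
        self.states = {}                      # translated 5-tuple -> (in_iface, public ip, port)

    def lookup(self, dst: str) -> Route:
        """Longest-prefix match; the 0.0.0.0/0 entry is the default route."""
        d = ip_address(dst)
        return max((r for r in self.routes if d in r.prefix), key=lambda r: r.prefix.prefixlen)

    def forward(self, in_iface, src, sport, dst, dport):
        """Packet arriving on in_iface. Returns (out_iface, next_hop, translated_dst)."""
        inside = self.port_forwards.get((dst, dport), (dst, dport))  # apply NAT port forward
        route = self.lookup(inside[0])
        # Remember the connection so the inside host's reply can be matched and un-NATed.
        self.states[(inside[0], inside[1], src, sport)] = (in_iface, dst, dport)
        next_hop = route.gateway if route.gateway is not None else ip_address(inside[0])
        return route.iface, str(next_hop), inside

    def reply(self, src, sport, dst, dport):
        """Reply from the inside host. Returns (out_iface, next_hop, rewritten_src)."""
        in_iface, pub_ip, pub_port = self.states[(src, sport, dst, dport)]
        route = self.lookup(dst)
        if route.gateway is None:
            # The client sits on a directly attached network: deliver there regardless of policy.
            return route.iface, dst, (pub_ip, pub_port)
        if self.reply_to_ingress:
            # Pin the reply to the interface the connection came in on.
            return in_iface, str(self.iface_gateways[in_iface]), (pub_ip, pub_port)
        # Plain routing: the reply follows the routing table, i.e. the default route.
        return route.iface, str(route.gateway), (pub_ip, pub_port)


def build(reply_to_ingress=False) -> Router:
    routes = [
        Route(ip_network("0.0.0.0/0"), "WAN", ip_address("203.0.113.1")),  # default via Comcast
        Route(ip_network("203.0.113.0/24"), "WAN", None),
        Route(ip_network("198.51.100.8/29"), "OPT1", None),                # the client's /29
        Route(ip_network("192.168.1.0/24"), "LAN", None),
    ]
    gateways = {"WAN": ip_address("203.0.113.1"), "OPT1": ip_address("198.51.100.9")}
    port_forwards = {
        ("198.51.100.10", 25): ("192.168.1.25", 25),      # SMTP on OPT1 -> LAN mail server
        ("198.51.100.10", 3389): ("192.168.1.50", 3389),  # RDP on OPT1 -> LAN workstation
    }
    return Router(routes, gateways, port_forwards, reply_to_ingress)


def lan_to_dmz_relay() -> str:
    """LAN mail server sending to the DMZ relay: which interface does it leave on?"""
    out_iface, _, _ = build().forward("LAN", "192.168.1.25", 40000, "198.51.100.11", 25)
    return out_iface


def dmz_relay_to_lan():
    """DMZ relay delivering to the OPT1 address: where does the NAT send it, and the reply?"""
    r = build()
    fwd = r.forward("OPT1", "198.51.100.11", 40001, "198.51.100.10", 25)
    rep = r.reply("192.168.1.25", 25, "198.51.100.11", 40001)
    return fwd[0], fwd[2][0], rep[0]


def internet_rdp(reply_to_ingress: bool):
    """Internet client hitting RDP on the OPT1 address: inbound leg and the reply's exit."""
    r = build(reply_to_ingress)
    fwd = r.forward("OPT1", "192.0.2.77", 50000, "198.51.100.10", 3389)
    rep = r.reply("192.168.1.50", 3389, "192.0.2.77", 50000)
    return fwd[0], rep[0], rep[1]


if __name__ == "__main__":
    print("LAN -> DMZ relay leaves on", lan_to_dmz_relay())
    print("DMZ relay -> OPT1:25 goes to", dmz_relay_to_lan())
    print("Internet RDP, plain routing:", internet_rdp(False))
    print("Internet RDP, reply pinned to ingress:", internet_rdp(True))
```

What the model shows: traffic between the LAN and the DMZ relay stays on OPT1 in both directions because the /29 is a directly connected prefix, so it never touches Comcast. An Internet client arriving on OPT1 is forwarded to the LAN correctly, but with plain routing its reply follows the default route out the WAN carrying the 198.51.100.10 source address; only with the reply pinned to the ingress interface does it go back through the T1 router. Whether the real firewall offers that pinning is the thing to confirm before relying on inbound RDP or SMTP over OPT1.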