[ previous ] [ next ] [ threads ]
 
 From:  Vincent R Ragosta <vrr6 at pitt dot edu>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Theoretical Topology
 Date:  Sun, 21 Feb 2010 16:41:26 -0500
Okay, so I know enough about networking to shoot myself in the foot.
So, before pulling the trigger, I wanted to run this by more
knowledgeable individuals than I.

I'm trying to secure my small business's network more than it currently
is.  Right now, I simply have a Cisco 871 that is using NAT to service
the entire LAN.  But, we have been allocated a x.x.x.x/29 network, so I
have a couple of static IP addresses to work with.  As a result, I was
wondering if it would be possible to have a topology similar to this:

                           (bridged)          (Inbound NAT)
T1-->Cisco 871 (IP filter)---------->MonoWall--------------->LAN
                                        |
                                        | (1:1 NAT)
                                        |
                                       DMZ

So, essentially I want to use the Cisco 871 as a simple IP filter and
have 3 interfaces on the MonoWall firewall.  One interface would be
bridged to the Cisco, one interface would be servicing the LAN using
inbound NAT, and the last interface would be hosting public servers
using 1:1 NAT.  Is this configuration possible?  Is it possible to
allocate one public IP address to service the LAN and several different
public IP addresses to handle the DMZ?  If this is possible, how (at a
very high level)?  Would I need to further subnet my public IP address
allocation across the LAN and DMZ interfaces?

Forgive me if I said something stupid...Just trying my best to get this
setup a bit better.  Thanks!

Vincent