Vincent R Ragosta wrote:
> Okay, so I know enough about networking to shoot myself in the foot.
> So, before pulling the trigger, I wanted to run this by more
> knowledgeable individuals than I.
> I'm trying to secure my small business's network more than it currently
> is. Right now, I simply have a Cisco 871 that is using NAT to service
> the entire LAN. But, we have been allocated a x.x.x.x/29 network, so I
> have a couple of static IP addresses to work with. As a result, I was
> wondering if it would be possible to have a topology similar to this:
>                            (bridged)          (Inbound NAT)
> T1-->Cisco 871 (IP filter)---------->MonoWall--------------->LAN
>                                         | (1:1 NAT)
> So, essentially I want to use the Cisco 871 as a simple IP filter and
> have 3 interfaces on the MonoWall firewall. One interface would be
> bridged to the Cisco, one interface would be servicing the LAN using
> inbound NAT, and the last interface would be hosting public servers
> using 1:1 NAT. Is this configuration possible? Is it possible to
> allocate one public IP address to service the LAN and several different
> public IP addresses to handle the DMZ? If this is possible, how (at a
> very high level)? Would I need to further subnet my public IP address
> allocation across the LAN and DMZ interfaces?
> Forgive me if I said something stupid...Just trying my best to get this
> setup a bit better. Thanks!
No need to subnet the public further, you'll assign one IP to the WAN
interface, and then the additional IPs will be virtual IPs in monowall
that will do 1:1 NAT. At least that's how it works in pfsense.(based on
Your LAN will use the WAN IP for NAT.