Vincent R Ragosta wrote:
> Okay, so I know enough about networking to shoot myself in the foot.
> So, before pulling the trigger, I wanted to run this by more
> knowledgeable individuals than I.
>
> I'm trying to secure my small business's network more than it currently
> is. Right now, I simply have a Cisco 871 that is using NAT to service
> the entire LAN. But, we have been allocated a x.x.x.x/29 network, so I
> have a couple of static IP addresses to work with. As a result, I was
> wondering if it would be possible to have a topology similar to this:
>
>                            (bridged)          (Inbound NAT)
> T1-->Cisco 871 (IP filter)---------->MonoWall--------------->LAN
>                                         |
>                                         | (1:1 NAT)
>                                         |
>                                        DMZ
>
> So, essentially I want to use the Cisco 871 as a simple IP filter and
> have 3 interfaces on the MonoWall firewall. One interface would be
> bridged to the Cisco, one interface would be servicing the LAN using
> inbound NAT, and the last interface would be hosting public servers
> using 1:1 NAT. Is this configuration possible? Is it possible to
> allocate one public IP address to service the LAN and several different
> public IP addresses to handle the DMZ? If this is possible, how (at a
> very high level)? Would I need to further subnet my public IP address
> allocation across the LAN and DMZ interfaces?
>
> Forgive me if I said something stupid...Just trying my best to get this
> setup a bit better. Thanks!
>
> Vincent
>
No need to subnet the public further; you'll assign one IP to the WAN
interface, and then the additional IPs will be virtual IPs in monowall
that will do 1:1 NAT. At least that's how it works in pfSense (based on
m0n0wall).
Your LAN will use the WAN IP for NAT.