 From:  "Margret Treiber" <mtreiber at avectra dot com>
 To:  <Hilton at QuarkAV dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] LAN router question
 Date:  Wed, 28 Apr 2004 09:24:00 -0400
> -----Original Message-----
> From: Hilton Travis [mailto:Hilton at QuarkAV dot com] 
> Sent: Tuesday, April 27, 2004 8:10 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] LAN router question

First, we need a bit more information about the current setup of your

> 1. Are these 2 * /24 networks consecutive, or are they
> non-consecutive /24 networks?

They are 3 separate Class C's, from 3 separate providers. So they are

> 2. Does your current firewall have multiple interfaces,
> one per /24 internal network, or does the current firewall
> perform the routing between these different networks by
> using "ipalias" or similar multiple IP assignment to its
> one internal interface?

We have 3 firewalls currently, each covering one IP range/connection
out.  Each IP range has been aliased onto each firewall, so they know
all the routes between each other.  There are 3 IP addresses per inside
interface of each firewall. I am trying to keep the internal traffic
from getting as far as the firewalls. Right now, I am only concerned
with routing away from two of these firewalls. 

> 3. Are these three /24 networks needed to separate secure
> from insecure traffic, for example to separate accounting,
> HR and the rest of your traffic?  If not, I assume that
> the traffic on any network could/would be allowable on any
> of the other networks.

These are 3 public ranges and we are unable to switch to NAT at this
time.  One range is specifically for hosting customers, one range is
primarily for workstations and internal servers, and one is a hodgepodge
of both.  We DO want each of these networks to get to each other, that
is the exact thing I am trying to accomplish.  I do not need to keep
them separate from each other.  I want the traffic to pass between all
three networks without hitting our existing firewalls.  The monowall is
going to be more of a router than a firewall.