> -----Original Message-----
> From: Hilton Travis [mailto:Hilton at QuarkAV dot com]
> Sent: Tuesday, April 27, 2004 8:10 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] LAN router question

First, we need a bit more information about the current setup of your network...

> 1. Are these 2 * /24 networks consecutive, or are they
> non-consecutive /24 networks?

They are 3 separate class C's, from 3 separate providers. So they are non-consecutive.

> 2. Does your current firewall have multiple interfaces,
> one per /24 internal network, or does the current firewall
> perform the routing between these different networks by
> using "ipalias" or similar multiple IP assignment to its
> one internal interface?

We have 3 firewalls currently, each covering one IP range/connection out. Each IP range has been aliased onto each firewall, so they know all the routes between each other. There are 3 IP addresses per inside interface of each firewall. I am trying to keep the internal traffic from getting as far as the firewalls. Right now, I am only concerned with routing away from two of these firewalls.

> 3. Are these three /24 networks needed to separate secure
> from insecure traffic, for example to separate accounting,
> HR and the rest of your traffic? If not, I assume that
> the traffic on any network could/would be allowable on any
> of the other networks.

These are 3 public ranges and we are unable to switch to NAT at this time. One range is specifically for hosting customers, one range is primarily for workstations and internal servers, and one is a hodgepodge of both. We DO want each of these networks to get to each other; that is the exact thing I am trying to accomplish. I do not need to keep them separate from each other. I want the traffic to pass between all three networks without hitting our existing firewalls. The monowall is going to be more of a router than a firewall.

Thanks!