| 1 |
I'd like to build a gentoo box to act as a single router between a hardware |
| 2 |
firewall (appliance) and two internal separate network segments. The goal is |
| 3 |
to allow both internal segments to access the Internet via the same |
| 4 |
firewall, but not allow them to see eachother. |
| 5 |
|
| 6 |
Here's my general idea - please tell me if it makes sense so far. |
| 7 |
|
| 8 |
1. Cable modem connected to ISP |
| 9 |
2. Hardware firewall connected to cable modem on Internet port, and an |
| 10 |
internal port to eth0 on the Gentoo box |
| 11 |
3. Gentoo box has 3 NICs: eth0 connected to the hardware firewall's internal |
| 12 |
lan port. eth1 connected to switch for internal lan segment 1. eth2 |
| 13 |
connected to switch for internal lan segment 2 |
| 14 |
4. Configure the NICs as follows: |
| 15 |
eth0 and firewall internal port are in |
| 16 |
192.168.0.0/24<http://192.168.0.0/24>subnet |
| 17 |
eth1 is in 192.168.1.0/24 <http://192.168.1.0/24> subnet |
| 18 |
eth2 is in 192.168.2.0/24 <http://192.168.2.0/24> subnet |
| 19 |
|
| 20 |
Sound OK so far? |
| 21 |
|
| 22 |
Next steps I think are figuring out how to provide DHCP to both internal |
| 23 |
subnets from the same Gentoo box, and what gateway address(es) the clients |
| 24 |
should use. Finally, I need to be able to do port-forwarding from the |
| 25 |
outside to a specific host on one of the internal subnets. Can I do that? |
| 26 |
|
| 27 |
One quandary I have is regarding the hardware firewall. We have money |
| 28 |
invested in it, but does it buy me anything now that we are creating the 2 |
| 29 |
separate subnets? Should I just sell it and let the Gentoo box be the |
| 30 |
firewall as well? |
| 31 |
|
| 32 |
Thanks for any insight, as always. |
| 33 |
-- |
| 34 |
Mark |
| 35 |
[unwieldy legal disclaimer would go here - feel free to type your own] |
Archives