[TriLUG] Cable modem + firewall + router
Paul G. Szabady
paul at thyservice.com
Tue Nov 17 11:39:20 EST 2009
Steve, et al:
I'm working with a SAP developer and is running ESX on windows with
windows and linux clients, 2 linux servers and standard w2k3 server.
For reasons I don't necessarily agree with, there are four systems that
require a public IP. Additionally, "We do not want to turn on the
Windows firewall and we want to do on the VMWARE bridging and not use
their NAT service as it slows everything down."
Expanding on your example, I'd like to find a commodity appliance that
will route packets to the servers using public IPs as well as NAT for
others, while also providing a firewall. A number of these servers on
the PubIP side use the same std ports (ie: 80, 443, 22, etc) so I can't
easily use port forwarding. I'm hoping I don't need to go the way of an
expensive Cisco router. ;/
Commodity Appliance
|
\|/
v ________.
| .-----. .------. .--PubIP--|Linuxbox|
wall|---|cable|---|Router|---| `--------'
| |modem| | w/fw | | _____________.
| `-----' `------' .--PubIP--|WindowsESXbox|
| `-------------'
| ________.
.--PubIP--|Linuxbox|
| `--------'
| __________.
.--PubIP--|Windowsbox|
| `----------'
| ________.
.--NATok--|Linuxbox|
| `--------'
| __________.
.--NATok--|Windowsbox|
`----------'
--
Paul
@ Thy Service
Steve Litt wrote:
> On Monday 16 November 2009 21:52:54 Paul G. Szabady wrote:
>> Greetings,
>>
>> I just upgraded my TWC service to a business class with 5 static IPs.
>> Unfortunately, all I got from TWC was a U10C020 AMBIT cable modem/router
>> configured in bridge mode. They won't provide access to configure it, and
>> even if they did, I'm not sure it'll do what I want. What I would like to
>> have seems pretty simple and straight forward to me, but maybe I have a
>> screw loose. In essence, I want to have a gateway router (their modem?),
>> a firewall that'll route to the static IPs, and of course, 5 ports for my
>> servers.
>>
>> Does anyone have any recommendations? I have iptables configured for now
>> on my linux machines, but the windoze boxen are at risk... I know,
>> there's a windows firewall as well. But I really need the protection to
>> be before the servers, not on them. (Long story, but it has to do with
>> vmware and NAT being too slow for this app.)
>>
>> Thanks in advance!
>
> Hi Paul,
>
> I'm not sure what you were saying, but here's my Brighthouse configuration:
> ________
> | .-----. .-----. .------|Linuxbox|
> wall|---|cable|---|IPCop|---| `--------'
> | |modem| | box | | __________.
> | `-----' `-----' .------|Windowsbox|
> `----------'
>
> SteveT
>
> Steve Litt
> Recession Relief Package
> http://www.recession-relief.US
> Twitter: http://www.twitter.com/stevelitt
>
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG
mailing list