  1. #1
    Just Joined!
    Join Date
    Mar 2007
    Posts
    3

    Subnetting LAN to go out 2 external internet interfaces


    I have a local network on which I have about 30 desktop clients and 5 servers including a mail server and 2 citrix servers that of course need to be accessed from the outside world.

    I have 2 internet connections and I would like to use 1 firewall and place everything behind it, subnet the LAN into 2 groups and basically pass all the traffic from the client out one interface and the traffic for the servers out the other faster interface.

    Of course, to top the complexity of this, the 3 main servers each need to have its own real world address mapped to the inside, along with the appropriate ports for the services they provide.

    I'm not seeing any good examples out there that do something like this. Does anyone have/seen an example I can start with or know of any good programs that can generate a script like this?

  2. #2
    Just Joined!
    Join Date
    May 2006
    Location
    The Void
    Posts
    9
    You need to obtain a second firewall for the second interface to do what you describe; then all the workstations use the slower gateway as their default gateway and the servers use the faster gateway as their default interface.
    Ideally you would have your public facing servers on their own DMZ with rules allowing traffic from the LAN to the DMZ servers.

  3. #3
    Just Joined!
    Join Date
    Mar 2007
    Posts
    3
    I was thinking that with a single firewall with rules for both interfaces like that it would provide some fail over back-up. Obviously the servers' incoming traffic, if the connection went down, wouldn't work, but if the connection that the workstations used went down then they could fail over to use the other interface.

    Having one firewall could make things a lot simpler. I was also thinking about doing a similar kind of thing but have 4 NICs on the firewall: the LAN, the servers that would go in a DMZ, then the 2 internet connections.
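
The single-firewall, four-NIC layout discussed in this thread, sketched as an added example that is not part of any poster's message: a dry-run generator that prints the source-based routing commands and an `iptables-restore` ruleset with 1:1 NAT and a default-drop FORWARD chain. All interface names, subnets, public addresses (documentation ranges) and ports (25 for mail, 1494 for Citrix ICA) are assumptions.

```shell
#!/bin/sh
# Dry run: prints commands and an iptables-restore ruleset, applies nothing.
# Every interface name, address and port below is a constructed assumption.
LAN_IF=eth0;  LAN_NET=10.0.1.0/24    # desktop clients
DMZ_IF=eth1;  DMZ_NET=10.0.2.0/24    # servers
SLOW_IF=eth2; SLOW_GW=198.51.100.1   # uplink for client traffic
FAST_IF=eth3; FAST_GW=203.0.113.1    # uplink for server traffic
# public_ip:private_ip:tcp_ports, one server per line
SERVERS="203.0.113.10:10.0.2.10:25
203.0.113.11:10.0.2.11:1494
203.0.113.12:10.0.2.12:1494"

emit_routing() {
    # One extra routing table per uplink, chosen by source subnet.
    echo "ip route add default via $SLOW_GW dev $SLOW_IF table 101"
    echo "ip route add default via $FAST_GW dev $FAST_IF table 102"
    # LAN <-> DMZ traffic must stay on the main table, so match it first.
    echo "ip rule add to $LAN_NET lookup main priority 100"
    echo "ip rule add to $DMZ_NET lookup main priority 110"
    echo "ip rule add from $LAN_NET lookup 101 priority 200"
    echo "ip rule add from $DMZ_NET lookup 102 priority 210"
}

emit_nat() {
    echo "*nat"
    echo "$SERVERS" | while IFS=: read -r pub priv ports; do
        # 1:1 mapping: inbound only on the listed ports, outbound as the same address.
        echo "-A PREROUTING -i $FAST_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
        echo "-A POSTROUTING -o $FAST_IF -s $priv -j SNAT --to-source $pub"
    done
    echo "-A POSTROUTING -o $SLOW_IF -s $LAN_NET -j MASQUERADE"
    echo "-A POSTROUTING -o $FAST_IF -s $DMZ_NET -j MASQUERADE"
    echo "COMMIT"
}

emit_filter() {
    echo "*filter"
    echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $SLOW_IF -s $LAN_NET -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $DMZ_IF -s $LAN_NET -d $DMZ_NET -j ACCEPT"
    echo "-A FORWARD -i $DMZ_IF -o $FAST_IF -s $DMZ_NET -j ACCEPT"
    echo "$SERVERS" | while IFS=: read -r pub priv ports; do
        echo "-A FORWARD -i $FAST_IF -o $DMZ_IF -d $priv -p tcp -m multiport --dports $ports -j ACCEPT"
    done
    echo "COMMIT"
}

emit_routing; emit_nat; emit_filter
```

Because replies from a mapped server are routed by their private source address before conntrack restores the public one, the `from $DMZ_NET` rule also keeps return traffic on the uplink it arrived on.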
