Our ISP has given us 32 IP addresses for all of our servers. Currently all servers are dual-homed with 1 public WAN interface and 1 private LAN interface. I am currently using a software-based firewall for each server and would like to implement a m0n0wall router/firewall into the mix so that I am not having to manage each server's firewall individually. What I don't know is which NAT (if any) do I need to use?
Ideally, I'd like to keep each server's public interface active since this would be the least invasive. Eventually I could eliminate the public interfaces altogether and just use Server-NAT to access each server from the Internet.
I'm stuck as to how to proceed. I've seen some posts about using the OPT1 interface (bridged to the WAN interface) on the router to create a DMZ, but I would like to implement traffic shaping for all traffic (and I heard traffic shaping doesn't work on bridged interfaces).
Does anyone have any advice on how to proceed? Did I provide enough details?
Your help is greatly appreciated.
[EDIT]: Sorry, I meant 1:1 NAT not Server-NAT.