Topic: Configure m0n0wall with wan (3 ext IPs) and 2 LANs  (Read 1670 times)
« on: October 08, 2008, 01:47:39 »
gpedrick

Hi All,

Newbie here, please be nice.

I just started at my company(s) and I am working on replacing a FreeBSD router/firewall with a m0n0wall for ease of management.

- The network has three fixed external IPs and two LANs. It is actually two complete networks for two small companies. I manage both networks, but they need to be kept separate.
- Each network has its own mail server, web, ftp, etc.
- Each network also has its own network services, DHCP, DNS, etc.
- I need all traffic (except broadcast) to be allowed between the two networks.

I have been trying to set this up on a single m0n0wall box, but when I get it connected it appears some traffic is getting "lost". For example, e-mail to and from the Opt1 network is intermittent or disappears altogether.

I would like to set this all up on one box (3 NICs) if I can, but I am considering the option of setting up two m0n0wall boxes with a VPN connection between them. The issue with this idea is I have one server hosting three FTP sites with each routed through a separate ext IP.

Current configuration:
WAN interface:  x.x.x.170, Server NAT x.x.x.171   &   x.x.x.172
LAN    10.0.0.1/24
Opt1   10.0.10.1/24

NAT
I have set up Inbound NATs for all of the ports that need to be open from each external IP to the IP of the server hosting the specific service. I allowed m0n0wall to create the required firewall rules for the WAN interface.

Firewall: Rules
I have a rule on both LAN interfaces to allow all traffic to any destination.
I will add a rule to block port 25 from all of the workstations.

So my questions are:
Do I need to add static routes to direct traffic to the LAN interface and the Opt1 interface?
Is there any difference in the way m0n0wall treats the LAN interface as compared to the Opt1 interface?
Can you set up the Opt1 interface as a full service LAN?
Would I be better off setting up two m0n0wall boxes (one with 2 Ext. IPs) with a VPN between them and setting a static route for the one FTP NAT through the VPN to the other network?

Thanks for any help offered.

George
« Last Edit: October 08, 2008, 02:51:52 by gpedrick »
 