--- Michael Hasenstein
L. Mark Stone wrote:
I need only static NAT.
Yes, I understood that ;-)
I want to move the web servers behind the firewall, give them private IP addresses (which makes updating their content from the LAN much easier), and have the firewall forward traffic destined for their public IP addresses to the servers which will have (going forward) only private IP addresses. In other words, have the T-1 DSU/CSU connect to the WAN ethernet card on the firewall, have the LAN ethernet card on the firewall plug in to the switch, and then have the web servers and the rest of the internal network connect to the switch. (We may or may not subnet the web servers.)
There are user level gateways for just that purpose too. I guess when it comes to really high bandwidth webservers IP NAT rules but it's just another option. Look for package "rinetd".
We do this with Cisco PIX firewalls all the time. It's easy, and there's only one firewall to configure.
Whether or not it's good security policy to have internal machines (which the webservers are in this setup) exposed in such a way or if you should add another firewall to have them on their own network between the firewalls is another topic...
This is why we have DMZ ... can SuSEfirewall2 do something like this?
internet<->dmz -> NAT1 + routing
internet<->intranet -> NAT2 + routing
intranet<->dmz -> routing
Martin
Michael
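One way to express the 1:1 static NAT layout discussed in this thread with Linux netfilter, as an added example that is not from any poster here: a shell function that turns "public private" address pairs into an iptables-restore ruleset with a default-drop FORWARD chain. The interface names, web ports, helper function names and sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for 1:1 static NAT.
# Assumed, not from the thread: eth0 = WAN, eth1 = LAN, web ports 80/443.
# The public addresses must be routed to, or aliased on, the WAN interface.
WAN_IF=eth0
LAN_IF=eth1
WEB_PORTS=80,443

# Constructed sample mapping (documentation and RFC 1918 addresses).
SAMPLE='203.0.113.10 192.168.10.10
203.0.113.11 192.168.10.11'

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ip() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Run "$@" once per "public private" mapping held in $pairs.
each_pair() {
    while read -r pub priv; do
        [ -z "$pub" ] || "$@" "$pub" "$priv" || return 1
    done <<EOF
$pairs
EOF
}

check_pair() {
    valid_ip "$1" && valid_ip "$2" || { echo "bad mapping: $1 $2" >&2; return 1; }
}
nat_rules() {
    # Inbound: rewrite the public destination to the private server.
    echo "-A PREROUTING -i $WAN_IF -d $1 -j DNAT --to-destination $2"
    # Outbound: server-initiated traffic keeps its own public address.
    echo "-A POSTROUTING -o $WAN_IF -s $2 -j SNAT --to-source $1"
}
fwd_rule() {
    # Only new web connections may reach a mapped server from the WAN.
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -d $2 -p tcp -m multiport --dports $WEB_PORTS -m conntrack --ctstate NEW -j ACCEPT"
}

# Reads mappings on stdin; validates all of them before printing anything.
gen_static_nat() {
    pairs=$(cat)
    each_pair check_pair || return 1
    echo "*nat";    each_pair nat_rules; echo "COMMIT"
    echo "*filter"; echo ":FORWARD DROP [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"   # assumed outbound policy
    each_pair fwd_rule; echo "COMMIT"
}
echo "$SAMPLE" | gen_static_nat
```

The output can be checked with `iptables-restore --test` before loading; note that iptables-restore replaces the existing contents of the tables it lists.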