At 01:50 PM 8/15/02, you wrote:
> >Sorry, now I see what you're saying...
> >
> >How many external facing connections do you have/need, and why?
> >
>
>1 connection, 5 IPs. I need the 5 IPs to run different services on 
>multiple servers. HTTP, SMTP, POP3, DNS, PPTP, stuff like that.

You don't want NAT for that portion.

You would be best to set up a DMZ. You will need around 8 routable IPs total.

Two for the front routing firewall
1 for each internet server (5)
1 for your NAT box.

The front firewall handles packets coming from behind the internet but 
both sides of the firewall use public IPs. So instead of using NAT you 
are just filtering packets that are hitting your internet servers. You use 
a second firewall to protect your private network from the internet and 
offer NAT services to the boxes on your private network.

You can reduce the # machines and possible IPs by actually running the 
routing firewall and the NAT firewall on the same machine with 3 NICs, but 
if that machine gets compromised not only do they have access to your DMZ 
(your internet services), they have access to your private network as well.

regards,

-- 
Mark Lane
Hard Data Ltd.
mailto:[EMAIL PROTECTED]

Telephone: 01-780-456-9771
FAX: 01-780-456-9772

11060 - 166 Avenue
Edmonton, AB, Canada
T5X 1Y3

http://www.harddata.com/
--> Ask me about our Affordable Alpha Systems! <--
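
The two-firewall layout described in the message above, sketched as iptables-restore rule sets. This is an added example, not part of the original message. It assumes Linux iptables on both boxes, and every address, interface name and service-to-host mapping in it is a constructed placeholder.

```shell
#!/bin/sh
# Added example; every address and interface name below is a constructed placeholder.
WAN_IF=eth0 DMZ_IF=eth1        # front firewall: Internet side / DMZ side
NAT_IP=203.0.113.8             # public DMZ address of the inner NAT box
NAT_OUT_IF=eth0 LAN_IF=eth1    # inner firewall: DMZ side / private side
LAN_NET=192.168.1.0/24
PPTP_IP=203.0.113.7
# Published services as host:proto:port, one public address per server.
SERVICES="203.0.113.3:tcp:80 203.0.113.4:tcp:25 203.0.113.5:tcp:110
203.0.113.6:udp:53 203.0.113.6:tcp:53 $PPTP_IP:tcp:1723"

filter_header() {  # default-deny skeleton shared by both boxes
    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" \
        ":OUTPUT ACCEPT [0:0]" "-A INPUT -i lo -j ACCEPT" \
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
        "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

front_fw_rules() {  # routing firewall: public IPs on both sides, filter only
    filter_header
    for s in $SERVICES; do
        ip=${s%%:*}; rest=${s#*:}; proto=${rest%%:*}; port=${rest#*:}
        echo "-A FORWARD -i $WAN_IF -o $DMZ_IF -d $ip -p $proto --dport $port -j ACCEPT"
    done
    # PPTP carries its tunnel in GRE (IP protocol 47) next to TCP 1723.
    echo "-A FORWARD -i $WAN_IF -o $DMZ_IF -d $PPTP_IP -p gre -j ACCEPT"
    # The NAT box may open connections outward; nothing new is allowed in to it.
    echo "-A FORWARD -i $DMZ_IF -o $WAN_IF -s $NAT_IP -j ACCEPT"
    echo "COMMIT"
}

inner_fw_rules() {  # second firewall: NAT for the private network
    printf '%s\n' "*nat" ":POSTROUTING ACCEPT [0:0]" \
        "-A POSTROUTING -s $LAN_NET -o $NAT_OUT_IF -j SNAT --to-source $NAT_IP" "COMMIT"
    filter_header
    echo "-A FORWARD -i $LAN_IF -o $NAT_OUT_IF -s $LAN_NET -j ACCEPT"
    echo "COMMIT"
}

case "${1:-}" in front) front_fw_rules ;; inner) inner_fw_rules ;; esac
```

Run with "front" or "inner" to print the rule set for that box. Connections started by the DMZ servers themselves (mail delivery, DNS lookups) and management access to the firewalls are not covered here.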



