OK, I have a couple of Endian firewalls running 2.2RC3, so I am familiar with things a bit, but would still consider myself a newbie sometimes. I wanted to throw this out there just to see if there are any pitfalls or gotchas (and note that I inherited this config, and am hoping to fix some of it).
Basically, I work at an office that has two separate companies that are sharing the same internet connection. Currently, they have a Cisco router that's plugged into a T1 line, which is then split into two consumer firewalls (a SonicWall and a Linksys router with DD-WRT on it). The T1 router has two public IP addresses, and each company's firewall is configured for one of them. The WAN card on the T1 router died over the weekend, and I was running things over a backup DSL line here in the office (as they run a bunch of web-based apps here in our office, so they need Web access as much as possible). That DSL line is generally used for a public access WiFi hot spot, plugged into a ZoneCD (www.publicip.net) server, but when our T1 dies, I've been known to rewire things so that the office can get back up. The two companies are set up so their private subnet is the same, but they use different IP address and DHCP ranges in that subnet so they can share the same network, switch and firewall without configuration issues (the firewall/gateway IP for both companies is the same). The other thing about these companies is that while they *can* share the same connection and network and switches and such, they don't like to. They like to be physically separated. Neither one of them runs services that need to be accessible from the outside world; they just need good 'net access. Each service also has its own DHCP server (Win2k boxes), so the Endian server wouldn't be doing that. Ideally, I'd like to not even be involved should something go bonkers -- I'd rather just have it fail over automatically. So I'm trying to figure out the best way to do this.
My thoughts/questions (and someone feel free to tell me if they have a better idea):

1) I'm thinking I'm going to need a system with 5-6 NICs: one for the T1 line, one for the DSL line, one for a cable modem failover (optional, but probably not a bad idea, considering the quality of our copper out here) for the Red/WAN links, one for the public WiFi access (connected to the ZoneCD firewall), and one for each of the physical networks in the building. Does Endian support dual-NIC cards? My other Endian setups are basic setups with 2-3 NICs, so this would be more complicated than I've set up before.

2) What kind of minimum hardware specs am I looking at needing for this so it doesn't completely drag? Like I said before, my others are just barebones 1U 1 GHz Compaq servers with 768 MB of RAM, but I'm sure I'll need something more meaty for this, especially if I want to enable Snort and the like. It doesn't have to be rack-mounted, so a tower PC with a bunch of PCI slots would probably suffice -- I just need to know the minimum RAM/CPU I'd need to pull this off.

3) Generally speaking, I'd like the public WiFi to get as little traffic priority as possible, and would rather just keep it off the T1 whenever possible -- can I force the Orange port onto specific WAN links via QoS or something similar? I've never done something like this before with Endian, but don't have a problem getting my hands dirty :-)

4) So I'd need two Green networks (if this is possible) so that they're completely separate but equal. Each one is currently set up in the 192.168.1.x range. Can I set it up so that traffic/requests for one public IP address go to one Green network, and the other goes to the other? This is the part that I'm having a hard time wrapping my head around. I'd like to get rid of both firewalls on each network and just replace them with the Endian (as Endian is much more powerful), but I don't know if I'll be able to do that -- I might have to just use the Endian as a traffic router.
Any thoughts on this? OK, I've rambled enough. Thanks for listening, and any input you might have would be great! -Jake

-- View this message in context: http://www.nabble.com/2-Networks%2C-2-3-WAN-Links%2C-and-a-WiFi-AP-%28Orange%29-tp20761298p20761298.html Sent from the efw-user mailing list archive at Nabble.com.
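The layout asked about in questions 3 and 4 above (two isolated LANs that each leave the T1 with their own public address, a WiFi segment pinned to the DSL line, DSL as the fallback for the LANs) comes down to Linux policy routing plus netfilter, which is what an Endian box runs underneath its web UI. The script below is an added example, not Endian's own configuration mechanism or anything from the original post; it shows the kernel-level pieces so you can see what the UI would have to produce. All interface names, the RFC 5737 documentation addresses and the three private subnets are assumptions. It also assumes the two companies get renumbered into distinct subnets first: two Green networks that both sit in 192.168.1.x cannot be told apart by source-based routing or firewall rules, whatever DHCP ranges they use. By default it only prints the commands (DRY_RUN=1); set DRY_RUN=0 to execute them as root.

```shell
#!/bin/sh
# Added example: policy routing + netfilter for two separated LANs and a
# public-WiFi segment pinned to a secondary uplink. Interface names, subnets
# and addresses are assumptions (RFC 5737 ranges), not taken from the post.
# DRY_RUN=1 (default) echoes the commands; DRY_RUN=0 executes them (root).
DRY_RUN="${DRY_RUN:-1}"

T1_IF=eth0;  T1_GW=198.51.100.1; T1_IP_A=198.51.100.2; T1_IP_B=198.51.100.3
DSL_IF=eth1; DSL_GW=203.0.113.1
GREEN_A_IF=eth2; GREEN_A_NET=192.168.10.0/24   # company A (assumed renumbered)
GREEN_B_IF=eth3; GREEN_B_NET=192.168.20.0/24   # company B (assumed renumbered)
ORANGE_IF=eth4;  ORANGE_NET=192.168.30.0/24    # public WiFi behind the ZoneCD box

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Source-based routing: table 100 = default route via T1, table 200 = via DSL.
policy_routing() {
  run ip route replace default via "$T1_GW" dev "$T1_IF" table 100
  run ip route replace default via "$DSL_GW" dev "$DSL_IF" table 200
  # Greens prefer T1. The lower-priority DSL rules only take effect once
  # table 100 has no usable route (T1 interface down, or flushed by a link
  # monitor); a dead upstream with the link still up needs that monitor.
  run ip rule add from "$GREEN_A_NET" lookup 100 pref 100
  run ip rule add from "$GREEN_B_NET" lookup 100 pref 101
  run ip rule add from "$GREEN_A_NET" lookup 200 pref 110
  run ip rule add from "$GREEN_B_NET" lookup 200 pref 111
  # Orange never gets a rule pointing at table 100, so it never rides the T1.
  run ip rule add from "$ORANGE_NET" lookup 200 pref 120
}

# Forwarding policy: default deny, then only segment -> permitted uplink.
# Nothing is allowed between the two Greens or from Orange into a Green.
firewall() {
  run iptables -P FORWARD DROP
  run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
  run iptables -A FORWARD -i "$GREEN_A_IF" -o "$T1_IF"  -j ACCEPT
  run iptables -A FORWARD -i "$GREEN_A_IF" -o "$DSL_IF" -j ACCEPT
  run iptables -A FORWARD -i "$GREEN_B_IF" -o "$T1_IF"  -j ACCEPT
  run iptables -A FORWARD -i "$GREEN_B_IF" -o "$DSL_IF" -j ACCEPT
  run iptables -A FORWARD -i "$ORANGE_IF"  -o "$DSL_IF" -j ACCEPT
  # Each company leaves the T1 with its own public address; DSL is masqueraded.
  run iptables -t nat -A POSTROUTING -s "$GREEN_A_NET" -o "$T1_IF" \
      -j SNAT --to-source "$T1_IP_A"
  run iptables -t nat -A POSTROUTING -s "$GREEN_B_NET" -o "$T1_IF" \
      -j SNAT --to-source "$T1_IP_B"
  run iptables -t nat -A POSTROUTING -o "$DSL_IF" -j MASQUERADE
}

policy_routing
firewall
```

Run it once with the default DRY_RUN=1 and read the output before applying anything; the interesting checks afterwards are `ip rule show` (Orange should appear only with `lookup 200`) and `iptables -t nat -L POSTROUTING -v` (two SNAT lines for the T1, one MASQUERADE for the DSL). Automatic failover for a T1 that is up at layer 2 but dead upstream still needs something that pings through each link and withdraws the route from table 100; the rules above only fall through when the route itself disappears.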