Wondering if I can get some help?
I have a static public IP from ISP for an ADSL account (call it addrISP). We also have our own public IP range. I want to set up a LEAF box (e.g. Dachstein), which holds the addrISP on one NIC, and one of our public IP addresses on another NIC. Then it will route all traffic through to other servers on the public IP addresses. Also there is an internal network behind one of the other public IP addresses, with a VPN server attached.
So, two questions:
* what is the best way/distro to set up a LEAF box as this kind of border router? (I noticed references to border_router options on the Dachstein network.conf documentation page, but haven't been able to find any substantial documentation about setting one up.)
You can use Dachstein (2.2 kernel & ipchains) or Bering (2.4 kernel and iptables) to do this. Bering with iptables gets you a stateful firewall, while Dachstein/ipchains is just a packet filtering firewall.
If you use Dachstein, you can use either the border_router options (not a lot of documentation as that's something inherited from Matthew Grant's Materhorn image that I never messed with much), or a "routed" DMZ.
If you use Bering, the Shorewall configuration is really flexible and can easily do what you want.
* how do I also set up the LEAF box so that it can receive VPN server requests on its IP address (addrISP), but forward those requests to be served by another firewall server connected to the internal LAN?
Why do you need to do this? The server connected to the internal LAN also has a public IP, doesn't it (addrPUBB in the diagram below)? Why make life harder by natting only IPSec traffic from Server1, but not other traffic (tricky to set up and debug properly)?
Diagrammatically, I guess I want something like:

                      [Internet]
                          |
                    eth0 (addrISP)
                          |
                       LEAF Box
                          |
                    eth1 (addrPUBA)
                          |
        -------------------------------------
        |                 |                 |
    (addrPUBB)        (addrPUBC)        (addrPUBD)
Server 1 (VPN etc)     Server 2          Server 3
    (addrPRIVA)
        |
 internal network

Should work fine...
-- Charles Steinkuehler [EMAIL PROTECTED]
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html