I am actually now designing the firewall my company would run through. I
basically need to masquerade the internal 192.168.x.x network to the outside
world, and screen a LAN of public-IP-addressed servers so they can access
and be accessed from the outside.
I do a similar thing, with two CARPy goodness firewalls.
I NAT all the private addresses in the 192.168 segment to the external IP
address of my firewall.
I just pass straight through all the traffic from the hosts in the public IP
address space.
I get a second 8-bit subnet for the CARP addresses and the router. This
gives me 1 for the router, 1 for the firewall, 2 for the CARP addresses (one
on each firewall) and 2 spare usable ones (in case I want to throw an extra
firewall or two in there, but mostly because the limitations of what can be
assigned require it).
I hope this is clearer than mud, I've been up far too long.
chau
tefol
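The layout tefol describes (private LAN masqueraded behind the firewall pair, public-IP server LAN passed through untranslated, CARP addresses in a small subnet shared with the router), written out as an added example. It is not tefol's configuration: it assumes OpenBSD pf in the 4.7-or-later `match ... nat-to` syntax (FreeBSD and older OpenBSD use `nat on ... -> ...` instead), and the interface names, the 203.0.113.0/29 router subnet, the 198.51.100.0/24 server LAN and the CARP vhid/password are all made up for illustration.

```pf
# /etc/pf.conf on each of the two CARP firewalls (hypothetical names/addresses)
ext_if   = "em0"                 # faces the router, in the shared /29
dmz_if   = "em1"                 # screened LAN of public-IP servers
int_if   = "em2"                 # private 192.168/16 LAN
sync_if  = "em3"                 # dedicated crossover link for pfsync
carp_ext = "203.0.113.3"         # CARP virtual address on the /29
int_net  = "192.168.0.0/16"
dmz_net  = "198.51.100.0/24"

# Per-firewall CARP address, configured outside pf.conf in /etc/hostname.carp0.
# Both boxes share the address, vhid and password; only advskew differs
# (0 on the preferred master, higher on the backup):
#   inet 203.0.113.3 255.255.255.248 203.0.113.7 vhid 1 carpdev em0 pass s3cret advskew 0
#   inet 203.0.113.3 255.255.255.248 203.0.113.7 vhid 1 carpdev em0 pass s3cret advskew 100
# The physical em0 addresses (e.g. 203.0.113.4 and .5) stay distinct per box,
# and the router's route for $dmz_net points at $carp_ext, not at either of them.

set skip on lo

# Masquerade the private LAN behind the shared CARP address, not the
# firewall's own physical address, so translated flows keep working when
# the other box becomes master.
match out on $ext_if inet from $int_net to any nat-to $carp_ext

block log all

# Keep the pair talking: CARP advertisements on every shared segment,
# pfsync state replication only on the private crossover link.
pass quick on { $ext_if $dmz_if $int_if } proto carp
pass quick on $sync_if proto pfsync

# Private LAN may initiate to anywhere; nothing initiates into it.
pass in  on $int_if inet from $int_net
pass out on $ext_if inet from $carp_ext        # source address after nat-to
pass out on $dmz_if inet from $int_net to $dmz_net

# Public-IP servers: passed straight through, no translation either way.
pass in  on $dmz_if inet from $dmz_net
pass out on $dmz_if inet to $dmz_net
pass in  on $ext_if inet to $dmz_net
pass out on $ext_if inet from $dmz_net
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and enable pfsync on `$sync_if` on both boxes; without it the states behind the NAT die on failover even though the CARP address moves cleanly. The explicit `pass out` rules are not strictly needed with floating states, but they keep the ruleset readable and keep working if you later switch to `set state-policy if-bound`.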