On Sunday 16 April 2006 09:25 pm, Phusion wrote:
> I have a cable connection at home and was wondering if the following
> would work. If I put a Cisco 851 series router in front of a pair of
> Soekris firewalls running OpenBSD using CARP and pfsync. So the Cisco
> router would get a dynamic WAN IP and have a static LAN IP. The two
> Soekris firewalls would sit behind it. Behind the redundant firewalls
> would be the network. How could I get the computers behind the
> firewall Internet access? Also would port forwarding work? The thing
> is that I don't have a static IP address. Let me know.

You can do NAT on the 851 to say 10.1.0.0/24. Then put 10.2.0.0/24 as the subnet used on the LAN. Then just put a static route and any of your server redirects on the 851 to the 10.2.0.0/24 addresses.

Internet - Public IP - 851 - 10.1.0.0/24 - Soekris/CARP - 10.2.0.0/24 - LAN

851 internet facing nic: public IP a.b.c.d
851 lan facing nic: 10.1.0.1
soekris/carp 851 facing: 10.1.0.2
soekris/carp lan facing: 10.2.0.1

851 route config:
ip route 10.2.0.0 255.255.255.0 10.1.0.2

Now, the better approach would be to just get rid of the 851 and do the NAT on the Soekris/CARP boxes. What is the purpose of the 851 in the first place? VoIP?
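
The layout described in the reply above, written out as an IOS configuration sketch. This is an added example, not part of the original message. It assumes FastEthernet4 is the 851's WAN port and Vlan1 its LAN side, that the Soekris/CARP pair routes without doing NAT itself, and that 10.2.0.10 is a hypothetical web server on the LAN.

```cisco
! Constructed example for the addressing plan in the reply.
! Assumed: FastEthernet4 = WAN port, Vlan1 = LAN-side interface.
interface FastEthernet4
 description Cable modem, dynamic public address
 ip address dhcp
 ip nat outside
!
interface Vlan1
 description Transit subnet toward the Soekris/CARP pair
 ip address 10.1.0.1 255.255.255.0
 ip nat inside
!
! Assumed: the firewalls route but do not NAT, so LAN packets reach
! the 851 with 10.2.0.0/24 source addresses. Both the transit subnet
! and the LAN subnet therefore have to match the NAT access list.
access-list 1 permit 10.1.0.0 0.0.0.255
access-list 1 permit 10.2.0.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet4 overload
!
! Static route from the reply: the LAN is reached through the
! shared CARP address on the 851-facing side of the firewalls.
ip route 10.2.0.0 255.255.255.0 10.1.0.2
!
! Port forward to the hypothetical server 10.2.0.10. Referencing the
! interface instead of a fixed address keeps the redirect valid when
! the DHCP-assigned public address changes.
ip nat inside source static tcp 10.2.0.10 80 interface FastEthernet4 80
```

Pointing the static route at the CARP address 10.1.0.2 rather than at either firewall's own address is what lets failover happen without touching the 851. The pf ruleset on the CARP pair still has to pass the forwarded port to 10.2.0.10.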
