I have already implemented the almost same set-up but i used shorewall as my firewall and I didnt implement the DHCP. What I did was to assign a particular ethernet card for each zone: internet, DMZ (servers), and Users. My internet zone was the only one who has the public ip address and the other two zones were using private ip address. I used IP masquarade for the DMZ and Users to have an internet access. For the servers to be access from the internet activated then the port forwarding of the firewall. Besure to assign a static ip address on the servers to make the port forwarding work.
You should also make some additional entry on the routing table of your firewall to be able to forward request from one zone to the other. I haven't tried yet the ipcop but I think it would definitely do the work.... Hope this helps. :) --- jan gestre <[EMAIL PROTECTED]> wrote: > hi guys, > > i'm planning to change our company's present network > setup similar to the > image attached herewith, and based on the image, i > have three zones, red for > the untrusted internet, orange for my servers and > green for my > lan/workstations. i'm planning to install ipcop in > our > firewall/gateway/nat/dhcp server, all workstations > are running windoze, the > servers are combinations of debian and win2k. > our present network setup is that all of the servers > have a public assigned > static ip directly connnected to the red zone > internet via our dsl modem and > the workstations are using private addresses. > what i would like to happen is that the firewall > gateway is the only one > using a public ip, the rest, i.e. orange > zone(servers) have a private static > ip and the green zone(lan) will be using a private > dhcp assigned ip. would > that be possible? i mean, can the orange zone( > publicly accessible servers) > have private ip's? need your opinion guys. > > TIA > > sorry for the image attachment, i can't draw using > ascii :D > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > [email protected] (#PLUG @ irc.free.net.ph) > Read the Guidelines: http://linux.org.ph/lists > Searchable Archives: http://archives.free.net.ph __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
