Hello --

Our existing firewall is provided and managed by a telco company that also
provides a T1 circuit and MPLS.  The firewall has a small subnet on the
public side and a 10.0.0.0/24 address on the private side.  All clients on
the LAN use the firewall as their default gateway.  Additionally, some of
the public addresses are static NATed back to a few servers within the LAN.

Since 1.54mb/s is getting pretty tight for Internet access, we'd like to
supplement our connectivity with an inexpensive broadband connection.  A
cable modem won't come with the SLA of bringing in an additional circuit,
but considering the difference in cost, it's something we can live with.
The problem is that (obviously) the telco won't allow us to connect another
provider into their managed firewall.  What I'd like to do is put a
secondary firewall (a Linux box with Shorewall) behind the existing
firewall.  Using three interfaces, I could interconnect the LAN, broadband,
and existing firewall.  I've read through the multi-ISP docs, but I don't
know if the additional layer of NATing (performed by the existing firewall)
is going to cause me problems.

What would be the best way to make a "drop in" solution that would not
require changes to the existing firewall?  Would it make sense to bridge the
LAN and existing firewall interfaces?
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
