Dear All,
I would like to set up a network to the outside world as follows:
                              WAN
                               |
                               |
          Router R1 (Router + Firewall, SMC Network Router)
 (external IP: a.b.c.d, internal IP: 192.168.2.1 / 255.255.255.0)
             (Network A) (Linux Servers, Red Hat 9.0)
                               |
      -----------------------------------------------------
      |              |              |                     |
    HTTP           Mail            FTP                    |
   Server         Server          Server                  |
                                                          |
                                                          |
Network Internal (Network B) (MS Windows)
192.168.3.X / 255.255.255.0
(Needs access to the Internet, with web, ftp, telnet, and msn.)
This network, B, also needs access to network C. Network C should not access the Internet, and no
one should be able to access it from the Internet or from Network A.
EXCEPTION: one computer on net C which only delivers mail through SMTP to the Internet.
                                                          |
                                                          |
Network 192.168.168.X / 255.255.255.0 (Network C)
Only clients on Network B should be able to access it.
EXCEPTION: one computer (DBServer) on net C which should accept database connections
through port 1521 only, and only from the HTTP Server on Network A. This computer, DBServer, also
accepts connections from Network B through any other port, so this computer is different from the
other computers in Network C in that it will only accept a connection from Network A from the HTTP
server.
Now, the questions I have:
1. I want to achieve the maximum security in the network, especially to network C.
Can I control the router so that it will only accept connections from Network A, not C or A? In this case, how
do I set up Network B? Do I define a gateway for network B to forward to Network A, and how do I achieve this, or do I define
a route to network A (how?)?
2. How to connect from B to C ? Define a route or a gateway ?
3. How to handle name resolution? Do I define three, one in each network, or a nameserver forwarder?
4. Is it better to have a firewall between each network ? How or what kind of setup is required then ?
5. Is it better to use a DHCP for network B ? or leave it static as it is now ?
6. Can I selectively enable and disable computers in Network B to see network C ?
7. Is it better to define a DMZ on Network A than NATting it with the router ?
8. Do I need two other routers for Network B and C ?
9. The best and most flexible option ?
10. For network B if I set it up this way, What should be the gateway ? should it be the router or the proxy server ?
11. How to setup the interaction for the clients and the different networks ?
12. Do I need a router for each network, or use a static route (how)? How do I define how the networks interact with each other
with restrictions and rules applied? I would also like not to complicate the network very much, unless I have to for security reasons.
Basically, the main question would be how to implement such a network, and what details I need to go through in terms of
commands and instructions / tools. Just to be in the right direction, I need to find out the best option that could be implemented
in this case. For example, for network A, what are its setup parameters; for network B, what is the gateway, DNS, etc.; and how can network B work with both network A and C, how to define the routing tables in this case, etc.
All the firewalls or routers are SMC, not computers, so we cannot use iptables or other firewalls.
Network C has computers running Linux / Sun / Windows servers.
Network A is setup and running now,
Networks B and C are both combined in the same network now, running IP 192.168.68.X / 255.255.255.0. They will be split into two
networks, as the main domain server for the company is running in network C, and all computers on network B should connect to
it to be granted logon to the domain.
I appreciate your help,
Thanks,
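The access policy described in the post, written out as a small default-deny, first-match rule table so each stated requirement can be checked against it before the rules are typed into the routers. This is an added example, not part of the original post: the SMC boxes cannot run it, it only models the policy. The addresses of the HTTP server, DBServer and the outbound SMTP host are assumptions (the post gives none), as are TCP 1863 for MSN Messenger and the standard ports for the published servers on Network A.

```python
"""Default-deny access policy modelling Networks A, B and C from the post.
Added example; host addresses below are assumed, the post does not give them."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

IPv4 = ipaddress.IPv4Address
Endpoint = Union[str, IPv4]  # a zone name, or one specific host

ZONES = {
    "A": ipaddress.ip_network("192.168.2.0/24"),    # servers behind R1
    "B": ipaddress.ip_network("192.168.3.0/24"),    # Windows clients
    "C": ipaddress.ip_network("192.168.168.0/24"),  # protected servers, domain controller
}
# Any address outside A, B and C is treated as the Internet ("INET").

# Assumed host addresses (not given in the post).
HTTP_SERVER = IPv4("192.168.2.10")    # on Network A
DB_SERVER = IPv4("192.168.168.10")    # on Network C, listener on TCP 1521
SMTP_HOST = IPv4("192.168.168.20")    # on Network C, outbound SMTP only


def zone_of(ip: IPv4) -> str:
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "INET"


@dataclass(frozen=True)
class Rule:
    name: str
    src: Endpoint
    dst: Endpoint
    proto: Optional[str]         # "tcp", "udp", or None for any
    dports: Optional[frozenset]  # destination ports, None for any
    action: str                  # "allow" or "deny"

    @staticmethod
    def _end_matches(want: Endpoint, ip: IPv4) -> bool:
        return ip == want if isinstance(want, IPv4) else zone_of(ip) == want

    def matches(self, src: IPv4, dst: IPv4, proto: str, dport: int) -> bool:
        return (self._end_matches(self.src, src)
                and self._end_matches(self.dst, dst)
                and (self.proto is None or self.proto == proto)
                and (self.dports is None or dport in self.dports))


# First match wins; a connection matching nothing is denied. Rules describe the
# initiating direction only, replies are assumed to be handled statefully.
POLICY = [
    # B clients: web, ftp, telnet and MSN Messenger (TCP 1863, assumed) to the Internet
    Rule("B-to-internet", "B", "INET", "tcp", frozenset({80, 443, 21, 23, 1863}), "allow"),
    # B reaches everything on C (domain logon, DBServer on any port)
    Rule("B-to-C", "B", "C", None, None, "allow"),
    # Only the HTTP server on A may reach DBServer, and only on 1521
    Rule("http-to-dbserver", HTTP_SERVER, DB_SERVER, "tcp", frozenset({1521}), "allow"),
    # One host on C may deliver mail; no other C host talks to the Internet
    Rule("smtp-host-out", SMTP_HOST, "INET", "tcp", frozenset({25}), "allow"),
    # Published services on A (assumed standard ports for HTTP, mail, FTP)
    Rule("internet-to-A", "INET", "A", "tcp", frozenset({80, 25, 21}), "allow"),
]


def evaluate(src: str, dst: str, proto: str = "tcp", dport: int = 0) -> tuple:
    """Return (action, rule_name) for a new connection attempt."""
    s, d = IPv4(src), IPv4(dst)
    for rule in POLICY:
        if rule.matches(s, d, proto, dport):
            return rule.action, rule.name
    return "deny", "default-deny"


def check_requirements() -> dict:
    """Spot checks of the flows the post spells out; True means the policy behaves as required."""
    def allow(*flow):
        return evaluate(*flow)[0] == "allow"

    def deny(*flow):
        return evaluate(*flow)[0] == "deny"

    inet = "203.0.113.9"  # constructed external address
    return {
        "B client browses the web": allow("192.168.3.5", inet, "tcp", 80),
        "B client logs on to domain controller in C": allow("192.168.3.5", "192.168.168.1", "tcp", 445),
        "HTTP server reaches DBServer:1521": allow(str(HTTP_SERVER), str(DB_SERVER), "tcp", 1521),
        "HTTP server blocked from DBServer on other ports": deny(str(HTTP_SERVER), str(DB_SERVER), "tcp", 22),
        "Mail server on A blocked from DBServer:1521": deny("192.168.2.11", str(DB_SERVER), "tcp", 1521),
        "SMTP host on C sends mail out": allow(str(SMTP_HOST), inet, "tcp", 25),
        "SMTP host on C cannot browse": deny(str(SMTP_HOST), inet, "tcp", 80),
        "Other C hosts cannot reach the Internet": deny("192.168.168.30", inet, "tcp", 25),
        "Internet cannot reach C": deny(inet, str(DB_SERVER), "tcp", 1521),
    }


if __name__ == "__main__":
    for requirement, ok in check_requirements().items():
        print(("PASS " if ok else "FAIL ") + requirement)
```

Name resolution for Network B (question 3) is deliberately not in the table: whichever answer is chosen (per-network servers or a forwarder) adds exactly one more allow rule above the implicit deny, and the table shows where it would sit.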