Need to add a firewall, need help with topology and design
Posted on 2004-10-21
We have a LAN of about 25 users in a 98/2000/XP environment. Currently, we are running one 2000 server machine that handles AD, printers, file sharing, DNS, DHCP, etc. All users currently have access to the Internet through a Cisco 1720 router on a fractional T1. The router is doing the NAT, and does not have firewall capabilities in IOS.
My goal is to be able to have a segment for our company LAN, a segment for a mail server and eventually a web server, and a public segment for wireless Internet access only. I would also eventually like to have the ability to VPN into the company network to administer systems from home.
I do not want to purchase a separate firewall like a PIX. I'm hoping to do this with what I have.
This is what I currently have:
Private LAN ----------|        |-----------****Internet (xxx.xxx.93.78)
                      | Router |
This is what I'm thinking I need to do; I just need some ideas...
Public Wireless Internet LAN---------------|          |----------|        |--------****Internet (xxx.xxx.93.78)
(192.168.1.x)                              |          |          | Router |
Private Internet and File/sharing LAN------|  Linux   |          |________|
(192.168.5.x)                              | Firewall |
Will this topology work? With the correct rules, is this an appropriate solution?
One thing I learned from playing with this is that I have a DHCP server on my private LAN to assign IP addresses. On my PUBLIC LAN for wireless users, I do not have anything to assign IP addresses. Is this something I should or should not do on my firewall for that particular interface facing the PUBLIC network?
Do I need more than one IP address from our ISP to host a mail or web server? Can I just use the current one we have?
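As an added illustration of the segmented Linux firewall sketched in this post (example rules written for this page, not the poster's configuration), here is an iptables-restore ruleset that enforces the intended separation: private LAN and public wireless both reach the Internet, wireless never reaches the private LAN, and a mail server sits on its own segment behind the single public address. Assumed names and values: eth0 is the Internet side, eth1 the 192.168.5.x private LAN, eth2 the 192.168.1.x wireless LAN, eth3 an assumed DMZ 192.168.10.0/24 with the mail server at 192.168.10.25, and the firewall itself serves DHCP and DNS to the wireless segment.

```iptables
# Constructed example ruleset for the three-segment Linux firewall (not the poster's config).
# Assumed: eth0 = Internet (xxx.xxx.93.78), eth1 = private LAN 192.168.5.0/24,
# eth2 = public wireless 192.168.1.0/24, eth3 = assumed DMZ 192.168.10.0/24,
# mail server at 192.168.10.25. Load with: iptables-restore < firewall.rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# All three internal segments share the one public address via masquerading
-A POSTROUTING -o eth0 -j MASQUERADE
# Inbound SMTP on the single public address is forwarded to the DMZ mail server
-A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.10.25:25
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful core: replies to connections already allowed may pass
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Anti-spoofing: private-range sources must never arrive on the Internet interface
-A INPUT -i eth0 -s 192.168.0.0/16 -j DROP
-A FORWARD -i eth0 -s 192.168.0.0/16 -j DROP
# Services the firewall itself offers to the wireless segment: DHCP and DNS only
-A INPUT -i eth2 -p udp --dport 67 -j ACCEPT
-A INPUT -i eth2 -p udp --dport 53 -j ACCEPT
# Firewall management (SSH) only from the private LAN
-A INPUT -i eth1 -s 192.168.5.0/24 -p tcp --dport 22 -j ACCEPT
# Private LAN: out to the Internet, and to the mail server's mail ports in the DMZ
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth1 -o eth3 -d 192.168.10.25 -p tcp -m multiport --dports 25,110,143 -j ACCEPT
# Public wireless: Internet only; no rule exists toward eth1 or eth3, so the DROP policy applies
-A FORWARD -i eth2 -o eth0 -j ACCEPT
# DMZ mail server: may send mail and resolve names outbound, nothing toward the private LAN
-A FORWARD -i eth3 -o eth0 -p tcp --dport 25 -j ACCEPT
-A FORWARD -i eth3 -o eth0 -p udp --dport 53 -j ACCEPT
# The DNATed inbound SMTP (destination already rewritten in PREROUTING) reaches the DMZ
-A FORWARD -i eth0 -o eth3 -d 192.168.10.25 -p tcp --dport 25 -m state --state NEW -j ACCEPT
# Log, rate-limited, whatever the default policy is about to drop
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FW-DROP: "
COMMIT
```

Forwarding between segments must also be enabled in the kernel (net.ipv4.ip_forward=1) for the FORWARD chain to see any traffic at all.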