IP Range and Routing for security
Posted on 2009-07-07
Hi peeps I currently have a quite simple network setup of a few internal subnets passing over a router on a stick (cisco 1721) with a Fedora 10 Linux box looking after the NAT and port forwarding for servers etc with 1 external IP.
This works fine but thankfully management gave the go ahead on a 10Mbit leased line. This goes lives in a couple of weeks and I am trying to suss the best way to handle securing and routing the new IP range (we are getting a /27 with the pipe). I'd like to use some of these IP's on our Windows servers to remove the limitations of port forwarding from the linux firewall.
My question is can I desgin the network in such a way that the linux box can firewall the /27 for the windows servers. I understand that it can be subnetted again to then use the linux firewall as the gateway, but my thinking (probably wrong) is that the ISP router will also need routes to force the incoming taffic to pass through the linux box before heading to the desitnation IP on the windows server?
I was thinking of a software firewall solution but this seems unmanageable once a few of the machines get public IP's.
Any advice on the best way approach this would be appreciated.