Proxy

Jack_son_
If you have a network like so:

FW (interface with ISP ip and int with 10.1.140.1/does routing)  -- L2 SWITCH  (outside switch - ip 10.1.140.0/24)

I need to plug in another device to the outside switch with a public ip on the outside interface, and then the other interface of the device needs to be set up with an inside ip. Would the outside interface of the device be plugged into the firewall and the inside to the outside switch?

Commented:
I didn't understand your question. Can you explain a little further?

Author

Commented:
Sure, I basically am trying to plug in a network device I am using as a proxy. The issue is at the core I have a firewall and then a layer 2 switch going to the outside. The proxy has one interface with a public ip that routes directly outbound, and then an inside interface that goes to the inside network.

I think I will need to plug in 1 interface to the switch and then the other one to the firewall to route outbound?

Commented:
Ideally your proxy should be in a DMZ network, behind the firewall. The proxy can have an internal IP, say 10.2.140.2, and should be connected to an interface of the firewall. The proxy IP 10.2.140.2 can be NATed to the current public IP for outbound and maybe for inbound connections. Users will point their browsers to the private IP of 10.2.140.2 for the proxy.
See the attached diagram for more info.
Hope this helps.

Drawing1.jpg

Author

Commented:
Nice diagram - thanks!  So it looks like it is plugging into the firewall for the outside interface and you say to nat?  Then plugging into the switch in the dmz for the internal interface?

Author

Commented:
Also, if one interface on the proxy has a public ip directly assigned to it and the other interface has an internal ip, the interface with the public ip plugs into the firewall?
Commented:
If you have the attached diagram in mind, I recommend that you do not implement the proxy in this way.
In the first diagram, the proxy only connects to the firewall. The proxy will connect to an interface of the firewall, and the default gateway of the proxy will be the firewall interface. You will not need any other internal connection.
Assign the 10.2.140.2/24 range IP to one interface of the proxy and disable the other interface. NAT the 10.2.140.2 to the existing public IP in the firewall. I hope that the public IP is of one ISP, i.e., of the same range.
In your internal LAN switches you should route the proxy traffic towards the firewall. So when users access a web page, the traffic will come to the proxy via the firewall, and as per the rules and settings in the proxy, the traffic towards the website will go back out through the interface taking the default gateway of the proxy and then via the firewall and router out to the internet.
Try It.

Drawing2.jpg

Author

Commented:
Ok, so plug the int with the public ip into the firewall and the other interface into the dmz?
Commented:
Plug the interface with the public IP into a new interface in the firewall (you will have to create rules, as per your firewall; this interface in the firewall will be the DMZ interface). Disable the other interface on the proxy. No need for that. Your incoming and outgoing traffic will go through this one interface, connected to the firewall.
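
The single-interface DMZ layout described in the answers above (proxy at 10.2.140.2, NATed to the existing public IP), written as an added example for a Linux firewall running nftables; it is not from the thread, which does not name the firewall product. The interface names, the DMZ gateway address, the proxy port 3128 and the public address 203.0.113.10 are assumptions or placeholders, and only the outbound direction is covered.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Written as the firewall's complete
# forwarding policy: a base chain with "policy drop" affects all routed traffic.

define WAN_IF     = "wan0"         # assumed name: interface holding the ISP address
define LAN_IF     = "lan0"         # assumed name: 10.1.140.1/24 side (from the question)
define DMZ_IF     = "dmz0"         # assumed name: new DMZ interface, e.g. 10.2.140.1/24
define LAN_NET    = 10.1.140.0/24  # internal network from the question
define PROXY      = 10.2.140.2     # proxy address suggested in the answers
define PROXY_PORT = 3128           # assumed proxy listener port
define PUBLIC_IP  = 203.0.113.10   # placeholder (RFC 5737), stands in for the real public IP

table inet proxy_dmz {
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # LAN clients may reach only the proxy listener in the DMZ.
        iifname $LAN_IF oifname $DMZ_IF ip saddr $LAN_NET ip daddr $PROXY tcp dport $PROXY_PORT accept

        # Only the proxy may open web connections towards the internet.
        iifname $DMZ_IF oifname $WAN_IF ip saddr $PROXY tcp dport { 80, 443 } accept

        # The proxy resolves names itself, so it also needs DNS.
        iifname $DMZ_IF oifname $WAN_IF ip saddr $PROXY meta l4proto { tcp, udp } th dport 53 accept

        # Direct LAN -> internet and DMZ -> LAN fall through to policy drop;
        # log a rate-limited sample so bypass attempts are visible.
        limit rate 10/minute log prefix "fw-forward-drop "
    }
}

table ip proxy_nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Outbound: present the proxy's private address as the public IP.
        oifname $WAN_IF ip saddr $PROXY snat to $PUBLIC_IP
    }
}
```

Running `nft -c -f` on the file checks the syntax without applying the rules.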
