I was wondering whether someone could sense-check this for me. I have a friend's business that has acquired an internet-facing dedicated server. He has asked me to set it up in an IaaS-type solution for a directory server, mail server, web server, etc.
As it is completely internet-facing with no dedicated hardware firewall in front of it, I have decided to virtualize the setup, which should also offer some increased security.
The hypervisor itself has the Windows firewall enabled and fully closed for incoming connections currently. It has a single public IP currently assigned to its NIC directly, but we have 3 more IPs available.
Firstly, is the setup I have briefly synopsized on the attached diagram possible with only one NIC in the server?
Other questions I need answering:
How do I get the other public IPs through to the VMs? Does there need to be NAT set up somewhere, and if so, where? On the 2012 box or the Debian firewall VM?
Is my usage of vSwitches correct and their function right? (Internal, External, etc.)
Would it be best to give the VMs local private addresses and NAT through, or give them WAN IPs and set up some routing?
Any help would be much appreciated on this.