Alexandre Takacs
Advice sought for Linux setup as edge server
I'd have a *nix box sitting on the open internet with an L2TP tunnel to our LAN (PFSense router). Everything works fine as is, but I'd like to be able to use the multiple public IPs I have available on the *nix machine to route / NAT traffic into our LAN (in effect having multiple public IPs to play with, both inbound (mainly) and outbound).
I feel relatively comfortable with our router but I am seeking advice about the "edge" machine, with the understanding that it has to be some Linux distro. What tools would you use to configure such a setup?
Any suggestion / pointer welcome.
Have you looked into PFSense's ability to support multiple WAN IPs on a single WAN interface? Or are you strictly trying to separate the edge router and an internal router? (Sounds like PFSense would be your internal router.)
ASKER
Pfsense is my internal router and unfortunately I can't present it with my public IPs (that would be the best way).
What were you planning to use for your method of L2TP? PFSense supports doing OpenVPN/L2TP over multiple WANs. I think you would be able to use most common Linux distributions for something like this, each just requiring different configuration steps.
Here is a netgate document on this process: https://docs.netgate.com/pfsense/en/latest/routing/multi-wan-openvpn.html
My recommendations for distros are strictly based on my own experience of using OpenVPN mainly with both CentOS and Ubuntu.
ASKER CERTIFIED SOLUTION
ASKER
Interesting perspective - haven't thought to do it like this but seems perfectly doable. Thanks.
You're welcome!
Good luck!