I have to agree with Gordon here. I have set up this exact design at a
friend's office.
Here is how we have it...
He owns a bunch of IPs in the 12.14.x.y range. We have the web and email
services set up on that network. All of the internal workstations are in
the 10.0.1.x (non-routing) range.
Internet
|
Router
|
(eth0)
+-Firewall--+
(eth1) (eth2)
12.14.x.y 10.0.1.1
| |
------------ --------
WWW, SMTP, etc Workstations
We also added something else that you might or might not want to do
We have the true mail server in the 10.0.1.x area. The one in the 12.14.x.y
Area gets the mail from the outside then passes it on to the main mail
server.
We do this with multiple MX records. The mail also goes out this way via
A "relay" entry in the sendmail configuration files.
Good Luck!
Warren
-----Original Message-----
From: Gordon Messmer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 03, 2000 8:09 PM
To: [EMAIL PROTECTED]
Subject: Re: Network Design
You might save yourself a lot of money if you set up your front firewall
with three interfaces instead of two. You're also less likely to have
problems with weird applications going through one firewall than two.
-------- Internet --------
|
|
Router
|
|
---eth0 eth1----eth2
| Firewall |
| |
--hub1 -- |
| | private network
| |
eth0 eth0
www ftp
mail
telnet
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
