<div dir="rtl"><div dir="ltr">Hi people,</div><div dir="ltr">At my business (<a href="http://hetz.biz">hetz.biz</a>) I'm using a small appliance as a firewall. It's doing the protection pretty well, has a web interface, easy to setup etc..</div>
<div dir="ltr">I'm thinking about using virtual appliance based on open source software (just for testing. I'm not going to let my customers work without good firewall). That way I can expand the protection, and do some other stuff..</div>
<div dir="ltr"><br></div><div dir="ltr">I've tried to play with ipcop and smoothwall, all with the same result (I cannot ping or do anything outside). </div><div dir="ltr">The reason: Both of those apps are assuming that I'm using ETH0 ("Red") as the interface to/from the world while ETH1 ("Green") is doing NAT translation, and applying the firewall rules. My problem is that I'm only using real IP's (82.X.X.X) and all the IP's are on the same subnet. I cannot give the VM's 192.168.X.X or 10.X.X.X internal IP's cause naturally customers wants real IP's, sometimes as much as 64 real IP addresses on a single machine.</div>
<div dir="ltr"><br></div><div dir="ltr">My questions:</div><div dir="ltr">* How can I configure such a firewall with real IP's without NAT?</div><div dir="ltr">* What would you recommend as a good firewall (please, only the ones who are being updated and have docs. ipcop for example has old documents and you really need to "hunt" for some good instructions. Smoothwall is old [2007] and it's not being updated at all)</div>
<div dir="ltr">* Non related question: Could someone recommend a good hardware firewall appliance that can transfer a GB traffic and doesn't cost minimum $10K?</div><div dir="ltr"><br></div><div dir="ltr">Thanks,</div>
<div dir="ltr">Hetz</div><div dir="ltr"><br></div>
</div>