firewall with real IP's
Hetz Ben Hamo
hetzbh at gmail.com
Sun Oct 17 19:55:43 IST 2010
Hi people,
At my business (hetz.biz) I'm using a small appliance as a firewall. It's
doing the protection pretty well, has a web interface, is easy to set up, etc.
I'm thinking about using a virtual appliance based on open source software
(just for testing. I'm not going to let my customers work without a good
firewall). That way I can expand the protection, and do some other stuff.
I've tried to play with ipcop and smoothwall, all with the same result (I
cannot ping or do anything outside).
The reason: Both of those apps are assuming that I'm using ETH0 ("Red") as
the interface to/from the world while ETH1 ("Green") is doing NAT
translation, and applying the firewall rules. My problem is that I'm only
using real IPs (82.X.X.X) and all the IPs are on the same subnet. I cannot
give the VMs 192.168.X.X or 10.X.X.X internal IPs because naturally
customers want real IPs, sometimes as many as 64 real IP addresses on a
single machine.
My questions:
* How can I configure such a firewall with real IPs without NAT?
* What would you recommend as a good firewall? (Please, only the ones that are
being updated and have docs. ipcop for example has old documents and you
really need to "hunt" for some good instructions. Smoothwall is old [2007]
and it's not being updated at all.)
* Non-related question: Could someone recommend a good hardware firewall
appliance that can transfer a GB of traffic and doesn't cost a minimum of $10K?
Thanks,
Hetz