Author Topic: Multiple ISP assigned ip addresses and second firewall  (Read 11378 times)
lpnb
« on: Thursday 11 December 2008, 12:20:38 am »

Hi All, I have recently been looking at a gamut of Linux-based firewalls and have settled on Endian to eventually replace my (my organisation's) existing Sonicwall TZ170 and remove the ISA 2K server.
So what I have done is set up an efw connected to the OPT interface of the Sonicwall. This will eventually replace the sonicwall. I would like to just keep the existing infrastructure in place until I have fully explored the potential of the efw and tested thoroughly.

I have been allocated a block of 4 subnet from my ISP and I have allocated the two ip addresses to the OPT of the Sonicwall and the RED interface of the efw respectively and attempted to route all traffic to the new subnet to the efw without much success. Let me explain more how the network looks now and where I want it to be.

How my network looks now with fake public ip addresses:

http://i420.photobucket.com//pp284/lpnb/netdiag.jpg sorry for the bad diagram....not my forte!

The dashed line in the sonicwall is an attempted route setup but I can't seem to get access to the endian ip address from the internet.

On the EFW I have set up a port forward that allows SQL port 1433 to an internal SQL server. (This is the one thing I am trying to get going urgently.) The sonicwall needs to just route all traffic to the efw regardless (so maybe that is a question for a sonicwall forum but I just want to make sure that the overall concept of what I am trying to do is correct).

How it stands now:

I have turned on the proxy and can surf the net from a pc on the LAN that has its default gateway/proxy pointing at the EFW so routing seems to be hunky dory from the inside.
I have turned on allow ping on both the external interface of the sonicwall and the RED interface of the EFW but I still can't ping either.
I have even tried to turn off any blocking rules on the sonicwall temporarily but still can't get to the EFW.
If I do a tracert to the ip address of the EFW from home I get a bunch of timeouts beyond my org's ISP, which is fine I think. But I DO get a reverse name resolution of the new IP address, BUT I am concerned that there is still something screwy with the routing rules through the sonicwall???


As far as the SQL port forwarding side of things is concerned, I added a static route on that machine so that packets would know how to route back out the way they came in.
Also of note is that I can ping both the RED IF of the EFW and the OPT interface of the Sonicwall but not from the outside.

Oh yeah, and from what I understand of routing it seems that the only way I can use the block of 4 that I was recently allocated is to route them through my existing public IP address?? I really wanted to be able to multi home them so that I had the efw and the sonicwall directly plugged into the ADSL modem's switch....but I could not get that to work as pppoe requires that you log in to the ISP and all the linux distros I tried only allow DHCP ip addresses with the pppoe so it would just pick up the same ip address on the EFW as the sonicwall (I plugged it in during late afternoon workday.....ooops! things stopped working for a few minutes....no one noticed!)

Anyway enough questions for now and if someone has kindly read this far any help you could shed on the subject would be much appreciated.

Kind Regards,
Lach
(Brisbane Australia)


