EFW Support

Title: Multiple interfaces problem
Post by: siginigin on Wednesday 06 March 2013, 02:03:33 am
Hello,

This is my first time with Endian. I have 5 interfaces on the server with Endian, but I'm unsure how to set it up:
1st NIC - Management network, IP 1.1.1.1/24
2nd NIC - DMZ 1 zone, IP 2.2.2.2/24
3rd NIC - DMZ 2 zone, IP 3.3.3.3/24
4th NIC - Internal network, IP 4.4.4.4/24
5th NIC - RED zone, IP 5.5.5.5/24
I created a virtual machine on ESX and connected each interface to a separate VLAN on the switch. The first NIC was in the Management network, so after installation the management NIC was in the Green zone. The Red zone setup is clear. But what about the other NICs, if I have only one zone (Orange)?

So I tried to put all the remaining NICs into the Orange zone. Now I am able to ping Endian from DMZ 1, but not from DMZ 2 or the Internal network. I can see the same MAC address for the firewall in each network (this MAC actually belongs to the DMZ 1 NIC).

I'm sure I don't understand something, but I didn't find an explanation on the web. So could you please help me with how to do it? Thank you.


Title: Re: Multiple interfaces problem
Post by: jeremycald on Wednesday 06 March 2013, 08:21:32 am
Normally Endian will only handle 4 zones and each of these zones can only be one subnet. Recently minor VLAN support was added for the Green Zone but it still only handles the same subnet across all VLANs involved. The Red zone can handle multiple interfaces on different subnets for traffic distribution/failover.

RED = WAN
Green = LAN
Blue = Wireless
Orange = DMZ

Unless you are able to add zones/subnets under the covers, you may be better off using pfSense.


Title: Re: Multiple interfaces problem
Post by: siginigin on Tuesday 12 March 2013, 12:28:50 am
OK, I understand.
But what if I still want to have 2 DMZs? How can I achieve this? One way, I suppose, is not to put the 2nd and 3rd NICs into the Orange zone and to configure them manually through the console, setting up the IP addresses right on the interfaces. This way I am able to ping the DMZ servers from Endian, but I can't ping Endian from the DMZ servers. I can see Endian's correct MAC addresses in the ARP table at least. I am unable to configure firewall rules through the web frontend, because these interfaces aren't in any zone. Do I have to configure firewall rules manually?

Could you please advise me what to do? Thank you for your help.


Title: Re: Multiple interfaces problem
Post by: siginigin on Wednesday 13 March 2013, 12:03:32 am
Finally we forced it to work :) The problem was in the ESX server; we had to turn on promiscuous mode on the VLANs Endian is connected to.