"Transparent" Mode in IPCop / smoothwall / MNF (real IP inside firewall)

Currently I want to replace my firewall (SonicWall) in the data center. It is configured in "transparent" mode as follows.

                      Public
                        |
                        |
            Firewall (123.456.789.10)
                        |
         |--------------|--------------|--------------|
         |              |              |              |
       Web1           Web2           Ftp1           Ftp2

IP:  123.456.789.11  123.456.789.12  123.456.789.13  123.456.789.14
GW:  123.456.789.10  123.456.789.10  123.456.789.10  123.456.789.10

It means all the servers inside the firewall use real/public IPs instead of 192.168 internal IPs, and I can still control which ports are open on .11 to .14 in the rule-setting interface.

I have searched through all the forums and still can't find answers to the following.

  1. Can IPCop / smoothwall / MNF support the above setting ("transparent" mode)? If yes, how do I set it up?

  2. I am not sure whether the above servers should be put in the LAN (internal) or the DMZ.

The purpose of the firewall is to protect the servers and do port forwarding only.

Reply to
jcychk

snipped-for-privacy@gmail.com wrote:

Hi,

I think all of these servers belong in the DMZ. IPCop and Smoothwall are not able to do this for you, because they cannot work with the same IP on the orange NIC as on the red NIC. Corporate Firewall from Smoothwall and MNF can. Corporate Firewall is a commercial product (I love it). I don't know if MNF is a commercial product; it was available as a free version too, I think. I don't know if MNF is still available as a free version. Perhaps someone else knows?

Fred

Reply to
Fred Dehmel

We do this with the Devil-Linux distribution.

You could use fwbuilder to configure your rules.

Use the bridge module, add the interfaces to the bridge, add an IP to the bridge if you need one, and you have the same setup.

Reply to
Philippe WEILL
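The bridging setup Philippe describes, as an added example (not code from the thread, from Devil-Linux or from fwbuilder): a POSIX sh script that prints the commands for a bridge-mode firewall where the servers keep their public addresses and the firewall filters per host and port from inside the path. The interface names eth0 (toward the upstream router) and eth1 (toward the servers), the bridge name br0 and the 203.0.113.0/24 addresses are constructed stand-ins for the thread's public block, which uses placeholder octets above 255. The script prints rather than executes, so the rule list can be reviewed before being piped to sh as root on the firewall.

```shell
#!/bin/sh
# Added example (not from the thread or from Devil-Linux): emit the commands
# for a bridging ("transparent") firewall. Servers keep their public IPs;
# the bridge filters which ports may reach each of them.
# Constructed assumptions: eth0 = outside (upstream router), eth1 = inside
# (servers), br0 = bridge, 203.0.113.0/24 = documentation range standing in
# for the real public block. Output is printed, not executed.

# bridge_setup_cmds BRIDGE OUTSIDE_IF INSIDE_IF [MGMT_IP/PREFIX]
# Load the bridge module, enslave both NICs and optionally give the bridge
# itself a management address (the "add ip to bridge if you need" step).
bridge_setup_cmds() {
    br=$1; outside=$2; inside=$3; mgmt=$4
    printf '%s\n' "modprobe bridge"
    # br_netfilter makes bridged frames visible to the iptables FORWARD chain
    # on kernels newer than the 2.6 era this thread dates from.
    printf '%s\n' "modprobe br_netfilter"
    printf '%s\n' "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    printf '%s\n' "ip link add name $br type bridge"
    printf '%s\n' "ip link set $outside master $br"
    printf '%s\n' "ip link set $inside master $br"
    printf '%s\n' "ip link set $outside up"
    printf '%s\n' "ip link set $inside up"
    printf '%s\n' "ip link set $br up"
    [ -n "$mgmt" ] && printf '%s\n' "ip addr add $mgmt dev $br"
    return 0
}

# filter_policy_cmds OUTSIDE_IF INSIDE_IF
# Default-drop on FORWARD, allow replies of accepted connections, and let the
# servers open outbound connections (updates, DNS); tighten if not needed.
filter_policy_cmds() {
    printf '%s\n' "iptables -P FORWARD DROP"
    printf '%s\n' "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -j ACCEPT\n' "$2" "$1"
}

# allow_rule OUTSIDE_IF INSIDE_IF SERVER_IP PROTO PORT
# One FORWARD rule that lets new connections from outside reach a single
# public-addressed server on one port; anything not listed hits the DROP policy.
allow_rule() {
    printf 'iptables -A FORWARD -m physdev --physdev-in %s --physdev-out %s -d %s -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Whole command list for the thread's four servers (constructed addresses).
transparent_ruleset() {
    bridge_setup_cmds br0 eth0 eth1 203.0.113.10/24
    filter_policy_cmds eth0 eth1
    allow_rule eth0 eth1 203.0.113.11 tcp 80
    allow_rule eth0 eth1 203.0.113.12 tcp 80
    allow_rule eth0 eth1 203.0.113.13 tcp 21
    allow_rule eth0 eth1 203.0.113.14 tcp 21
}

# Usage: sh transparent.sh --print | less    (then pipe to sh as root)
if [ "${1:-}" = "--print" ]; then
    transparent_ruleset
fi
```

The physdev match is what lets iptables distinguish "came in on the outside NIC" from "came in on the inside NIC" when both are ports of the same bridge; without br_netfilter loaded and the bridge-nf sysctl set, bridged frames bypass the FORWARD chain entirely and the rules silently do nothing.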

Hi,

The public IPs you list should be left on the red I/F. Only one of the public IPs will be the "real" IPCOP red I/F; all the others will be added as aliases. Add the aliases first. Each IP should have an associated port forwarding rule (or rules) for the particular server, which can be either in the DMZ (orange) or LAN (green) zone. The GW address for the servers will be the IPCOP orange or green I/F address.

This setup will operate "transparently". Machines in the public IP range will see your servers on the designated ports.

Green or Orange is up to you. If you use orange it will be more secure since your servers are kept out of the green zone and must communicate with it (if required) through DMZ pinholes. The idea is that if one or more of your servers gets compromised then it will be prevented from attacking your green zone.

Public
  |
Firewall (123.456.789.10)
  |
IPCOP ... GW 123.456.789.10 (DNS can be same if Firewall forwards)
  |
  Red   123.456.789.11:80 ----> port fwd web1
  alias 123.456.789.12:80 ----> port fwd web2
  alias 123.456.789.13:21 ----> port fwd ftp1
  alias 123.456.789.14:21 ----> port fwd ftp2
  |
IPCOP Green 192.168.1.1
  |
  web1 192.168.1.2  GW 192.168.1.1
  web2 192.168.1.3  GW 192.168.1.1
  ftp1 192.168.1.4  GW 192.168.1.1
  ftp2 192.168.1.5  GW 192.168.1.1

If you need more specifics, please reply. Use IPCOP... it's free, works well and deserves support.

Reply to
jnitron
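jnitron's alias-plus-port-forward layout, as an added example that is neither the thread's nor IPCop's own configuration: a POSIX sh script that turns a small forwarding table into the alias and iptables commands for one real red address plus aliases, each forwarded to a green or orange server. The red NIC name eth0, the real red address 203.0.113.11/24, the 192.168.1.0/24 server addresses and the table rows are constructed; the 203.0.113.x range is a documentation block standing in for the thread's 123.456.789.x placeholders, which the script's address check rejects because those octets exceed 255.

```shell
#!/bin/sh
# Added example, not from the thread or from IPCop: generate the alias and
# port-forwarding commands for the layout described above (one real red IP,
# the other public IPs as aliases, each DNATed to an internal server).
# Constructed assumptions: red NIC eth0, real red IP 203.0.113.11/24,
# servers on 192.168.1.0/24. Commands are printed for review, then piped
# to sh as root on the firewall.

# valid_ipv4 ADDR: true only for four dotted decimal octets in 0..255.
# The thread's 123.456.789.x placeholders fail this check.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# alias_cmds RED_IF PREFIXLEN PRIMARY_IP PUBLIC_IP
# Add PUBLIC_IP as an alias on the red NIC unless it is the real red address.
alias_cmds() {
    [ "$4" = "$3" ] && return 0
    printf 'ip addr add %s/%s dev %s\n' "$4" "$2" "$1"
}

# portfwd_cmds RED_IF PUBLIC_IP PROTO PORT INTERNAL_IP
# DNAT in nat/PREROUTING, then accept in filter/FORWARD. FORWARD runs after
# DNAT, so the filter rule must match the internal address, not the public one.
portfwd_cmds() {
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$1" "$2" "$3" "$4" "$5" "$4"
    printf 'iptables -A FORWARD -i %s -d %s -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$1" "$5" "$3" "$4"
}

# Constructed forwarding table: PUBLIC_IP PROTO PORT INTERNAL_IP
FWD_TABLE='203.0.113.11 tcp 80 192.168.1.2
203.0.113.12 tcp 80 192.168.1.3
203.0.113.13 tcp 21 192.168.1.4
203.0.113.14 tcp 21 192.168.1.5'

# ruleset_from_table RED_IF PRIMARY_IP PREFIXLEN   (table read from stdin)
# Emits the full command list; returns 1 if any row carried a bad address.
ruleset_from_table() {
    red=$1; primary=$2; plen=$3; rc=0
    printf '%s\n' "iptables -P FORWARD DROP"
    printf '%s\n' "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Servers use the IPCop green/orange address as their gateway, so their
    # outbound traffic is source-NATed to the real red address.
    printf 'iptables -t nat -A POSTROUTING -o %s -j SNAT --to-source %s\n' "$red" "$primary"
    while read -r pub proto port internal; do
        [ -n "$pub" ] || continue
        if ! valid_ipv4 "$pub" || ! valid_ipv4 "$internal"; then
            printf '# skipped, bad address: %s %s %s %s\n' "$pub" "$proto" "$port" "$internal"
            rc=1
            continue
        fi
        alias_cmds "$red" "$plen" "$primary" "$pub"
        portfwd_cmds "$red" "$pub" "$proto" "$port" "$internal"
    done
    return $rc
}

# Usage: sh portfwd.sh --print | less    (then pipe to sh as root)
if [ "${1:-}" = "--print" ]; then
    printf '%s\n' "$FWD_TABLE" | ruleset_from_table eth0 203.0.113.11 24
fi
```

The FTP rows forward only port 21; active-mode data connections and passive-mode port ranges need the ftp conntrack helper or additional rules, which is the usual reason an FTP forward "works in the browser but not from the client".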
