2

A network configuration question from a relative newbie...

We have an existing LAN setup, with a hardware firewall (D-Link DIR-655) and a Microsoft Small Business Server (which does the DHCP).

We have been assigned multiple Public IPs by our ISP, but the D-Link can only have a single static IP AFAIK. I am looking to use our additional IPs by pointing them to a few different web servers internally.

My proposed network design is to create a SmoothWall VM (VirtualBox). I would then put the VM in the DMZ. That way, SmoothWall can take the incoming requests to our other Public IPs, and forward the port 80 ones on to the correct (virtual) machines within our network.

Is this the correct way of setting up the network?

Note: I'm trying to avoid taking down the existing LAN as we run our main business Exchange server and other services via the first public IP address. I also don't have a spare hardware machine with 2 NICs for the SmoothWall install, although if there are significant advantages to that then we can consider getting one.

1 Answer

1

The important question is how the external connections will find their way to your network, regardless of whether it is in the DMZ or not. You may need to change the way you are connecting to your ISP.

Was about to suggest putting dd-wrt on your DIR-655 except that it is not a supported device.

You may want to put the SmoothWall on a physical box and then use that to connect to your ISP instead of your DIR-655. It is possible to stick multiple IPs onto a single physical interface. Then, you can route your traffic in SmoothWall to wherever you want it to. In fact, it may be easier to differentiate the IPs this way.

[internet]---(red)---[smoothwall]---(green)---[dir-655]
                          |
                          +---(orange)---[public VM servers]
sybreon
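
The red/green/orange layout from the answer above, sketched as generic Linux `ip` and `iptables` commands. This is an added example, not part of the original post and not SmoothWall's own configuration format; the interface names and all addresses are assumed placeholders.

```shell
#!/bin/sh
# Constructed sample mapping: extra public IP -> web server in the orange (DMZ) zone.
# 203.0.113.x and 192.168.50.x are placeholder addresses, not values from the post.
MAPPINGS='203.0.113.11 192.168.50.11
203.0.113.12 192.168.50.12'
RED_IF=eth0     # assumed name of the red (internet) interface
GREEN_IF=eth1   # assumed name of the green (LAN, towards the DIR-655) interface
ORANGE_IF=eth2  # assumed name of the orange (DMZ) interface

# Prints the commands rather than running them, so they can be reviewed first.
gen_rules() {
    # Replies to connections that were already allowed.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "$MAPPINGS" | while read -r pub priv; do
        [ -n "$pub" ] && [ -n "$priv" ] || continue   # skip blank or partial lines
        # Extra public IP as a secondary address on the red interface.
        echo "ip addr add $pub/32 dev $RED_IF"
        # Rewrite only TCP port 80 for that IP to the matching DMZ server.
        echo "iptables -t nat -A PREROUTING -i $RED_IF -d $pub -p tcp --dport 80 -j DNAT --to-destination $priv:80"
        # Allow the rewritten connection from red into orange.
        echo "iptables -A FORWARD -i $RED_IF -o $ORANGE_IF -d $priv -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Everything else from the internet to the DMZ is dropped.
    echo "iptables -A FORWARD -i $RED_IF -o $ORANGE_IF -j DROP"
    # The DMZ servers cannot open connections into the LAN.
    echo "iptables -A FORWARD -i $ORANGE_IF -o $GREEN_IF -j DROP"
}

gen_rules
```

The last two rules are what make the orange zone a DMZ: only port 80 reaches the public servers, and those servers cannot initiate traffic towards the green LAN.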