I have an iptables firewall, with kernel 3.x (I'm using the latest version of Debian).
This FW has 4 interfaces:
a) 1 internal interface to the VLAN for servers, which at the same time gives access (using a switch that can route) to the VLAN for users.
b) 1 external interface to give access to the internet, with a non-public IP (there is a local network between this interface and the router). It's called "Wall:eth1:ip-2".
c) 1 external interface to give access to the internet (this is the backup data communication line), with a non-public IP (there is a local network between this interface and the router). It's called "Wall:eth2:ip".
d) 1 external interface with a public IP used to create a VPN to an external partner (IPsec).
In the case of the interfaces giving access to the internet (b and c), I plan to switch between them in case one of them loses communication. I'll do it using a simple script that changes the default route in the FW.
So, I've created 4 NAT rules using Firewall Builder:
1 for communication between the servers and users VLANs (doesn't NAT)
1 for communication between the users and servers VLANs (doesn't NAT)
1 for communication between both VLANs and the internet using the normal internet interface
1 for communication between both VLANs and the internet using the backup internet interface
Here you can see the image of that configuration: http://imageshack.com/a/img809/3825/tqxa.png
I'm not sure if this is gonna work, and I'd like to ask your opinion about it.
I also don't know if I should create NAT rules for the interface that connects to an external partner via VPN (using IPsec).
Thank you again for your help.
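As an added illustration (not the poster's Firewall Builder output, and not an official Firewall Builder artifact), the script below writes out the iptables nat table that the four rules described above boil down to, plus the failover helper that swaps the default route. Interface names (eth0 for the internal side, eth1/eth2 for the two uplinks, eth3 for the IPsec link), the VLAN subnets and the router addresses are constructed assumptions; substitute the real ones. Two things the rule list alone does not show: the MASQUERADE rules are bound to the outgoing uplink, so whichever interface holds the default route is the one that NATs and the two inter-VLAN "no NAT" rules are documentation rather than necessity; and traffic the kernel will protect with IPsec is exempted from NAT before any MASQUERADE rule can rewrite it (the xt_policy match assumes a policy-based IPsec setup; a route-based tunnel such as a vti device would be exempted by matching its interface instead). The helper also flushes conntrack on failover, because established flows keep their old SNAT mapping and would otherwise leave the new uplink with the old provider's address.

```shell
#!/bin/sh
# Added example, not the poster's configuration. All names and addresses
# below are assumptions for illustration.
LAN_IF=eth0                # internal interface; the routing switch sits behind it
WAN1_IF=eth1               # primary uplink ("Wall:eth1:ip-2" in the post)
WAN2_IF=eth2               # backup uplink ("Wall:eth2:ip" in the post)
SERVERS_NET=10.10.0.0/24   # constructed servers VLAN
USERS_NET=10.20.0.0/24     # constructed users VLAN
WAN1_GW=192.168.1.1        # constructed address of the primary router
WAN2_GW=192.168.2.1        # constructed address of the backup router

# DRY_RUN=1 (the default) prints the commands instead of executing them,
# so the script can be reviewed before it touches a live firewall.
run() {
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Emit the nat table in iptables-restore(8) format.
nat_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets that IPsec will encapsulate must keep their inner addresses:
# leave POSTROUTING before any masquerade rule can rewrite them.
-A POSTROUTING -m policy --dir out --pol ipsec -j RETURN
# Server <-> user VLAN traffic leaves via the internal interface; these
# entries only document that it is never translated.
-A POSTROUTING -s $SERVERS_NET -d $USERS_NET -o $LAN_IF -j RETURN
-A POSTROUTING -s $USERS_NET -d $SERVERS_NET -o $LAN_IF -j RETURN
# One masquerade rule per uplink; the default route decides which one fires.
-A POSTROUTING -s $SERVERS_NET -o $WAN1_IF -j MASQUERADE
-A POSTROUTING -s $USERS_NET -o $WAN1_IF -j MASQUERADE
-A POSTROUTING -s $SERVERS_NET -o $WAN2_IF -j MASQUERADE
-A POSTROUTING -s $USERS_NET -o $WAN2_IF -j MASQUERADE
COMMIT
EOF
}

# Load the nat table (iptables-restore replaces the whole table atomically).
apply_nat_rules() {
  nat_rules | run iptables-restore --noflush
}

# Move the default route to the given uplink (wan1|wan2) and flush conntrack,
# so flows already mapped to the old uplink address are not sent out the new
# uplink with a source address that provider will not route.
failover_to() {
  case "$1" in
    wan1) gw=$WAN1_GW; dev=$WAN1_IF ;;
    wan2) gw=$WAN2_GW; dev=$WAN2_IF ;;
    *) echo "usage: failover_to wan1|wan2" >&2; return 1 ;;
  esac
  run ip route replace default via "$gw" dev "$dev"
  run conntrack -F   # needs the conntrack-tools package
}

# Number of masquerade rules in the generated table (one per VLAN per uplink).
count_masquerade_rules() {
  nat_rules | grep -c -- '-j MASQUERADE'
}
```

Run it with DRY_RUN=1 first to read the generated table and the failover commands; with DRY_RUN=0 it loads the table and a separate monitoring script can call `failover_to wan2` when the primary line stops answering.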