debianuser Posted November 6, 2006 Posted November 6, 2006 Hello guys thanks for taking the time to read this post... I need to get two public IP address from my ISP... one for the firewall and the other one for the email server... the present firewall I am using right now is IP COP. However, IP COP has what they call the orange card.. which basically is a DMZ of the single IP address the firewall gets... or I do not want to do DMZ... I wanna have two public IP, one hosted on the firewall so that I could use to do all kind of port forwardings to other servers running inside the lan also to the Video Conf. system and another public IP for the server that would be running the web and email server. following me then? so I don't think this is possible with IP COP... so I was wondering, do you guys have any other suggestions? thank you rigel Quote
Uncle Toxie Posted November 6, 2006 Posted November 6, 2006 If you want two public facing IPs your going to have to get your ISP to give them to you, and they are going to want more money from you. You may be better off doing port forwarding to your e-mail server as well. Do you know if the IP you have now is static? If you want to run an e-mail/web server you will probably want a static IP, unless you want to mess with something like DynDNS. Quote
debianuser Posted November 6, 2006 Author Posted November 6, 2006 If you want two public facing IPs your going to have to get your ISP to give them to you, and they are going to want more money from you. You may be better off doing port forwarding to your e-mail server as well. Do you know if the IP you have now is static? If you want to run an e-mail/web server you will probably want a static IP, unless you want to mess with something like DynDNS. having two ip and paying for it is not a problem... the server will be hosting the domain, i doubt i should do a port forwarding in that case my question is more that I need another firewall solution in order to assign those two public IP address to the different network cards thanks Quote
stingwray Posted November 6, 2006 Posted November 6, 2006 If IP Cop is any good then you should be able to set it up to forward all data for the second public IP address to a computer on your home network or DMZ. I know Monowall does this so I don't see why not IP Cop shouldn't. Quote
debianuser Posted November 6, 2006 Author Posted November 6, 2006 If IP Cop is any good then you should be able to set it up to forward all data for the second public IP address to a computer on your home network or DMZ.I know Monowall does this so I don't see why not IP Cop shouldn't. so let's say I got this two public IP 87.0.0.0 and 89.0.0.0 so my firewall still is 87.0.0.0 but then I do a DMZ of the IP 89.0.0.0 to the internal mail server? is that what you meant? thanks a lot guys! Quote
Uncle Toxie Posted November 6, 2006 Posted November 6, 2006 Is the machine that you are running the firewall on also your router? You will need to put your routes and then make sure that the system your running mail on sits in front of the firewall, like Stinwray said. I haven't had the pleasure of running a mail server yet but I think that rather than placing the entire box in a DMZ you can just route that traffic through the firewall, on the second IP, to your server. There really are a lot of different ways to set it up, just depends on your needs and wants. I'd love to hear how it works out for you and how you end up setting it up, keep us posted. Quote
burn Posted November 7, 2006 Posted November 7, 2006 According to this article, IP Cop supports a DMZ: http://www.howtoforge.com/perfect_linux_firewall_ipcop_p2 That looks like it walks you through setting everything up quite nicely. I like how they give each zone a color depending on it's threat level. Quote
debianuser Posted November 7, 2006 Author Posted November 7, 2006 Is the machine that you are running the firewall on also your router? You will need to put your routes and then make sure that the system your running mail on sits in front of the firewall, like Stinwray said.I haven't had the pleasure of running a mail server yet but I think that rather than placing the entire box in a DMZ you can just route that traffic through the firewall, on the second IP, to your server. There really are a lot of different ways to set it up, just depends on your needs and wants. I'd love to hear how it works out for you and how you end up setting it up, keep us posted. Ya I think I will keep my present public IP address and just do a port forwarding on port 25 to the mail server... the domain will be hosted on the mail server and if needed of a webserver, i will just add a port 80. I am just thinking that it won't be necessary to have a second public IP address. thanks lads for the help Quote
burn Posted November 7, 2006 Posted November 7, 2006 It's not a good idea to have your Internet facing servers on your internal network. You'd be better off putting them in a DMZ, separated from your internal machines. Quote
VaKo Posted November 7, 2006 Posted November 7, 2006 Only if you have a true DMZ, the ones found on home user routers don't work like a real DMZ. Quote
burn Posted November 7, 2006 Posted November 7, 2006 Only if you have a true DMZ, the ones found on home user routers don't work like a real DMZ. Yeah, but he's using IP Cop, which does offer a true DMZ. Quote
VaKo Posted November 7, 2006 Posted November 7, 2006 More of a heads-up to anyone reading this and thinking about doing the same on a smaller scale than directly to do with this thread. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.