firewall

debianuser · November 6, 2006

Hello guys

thanks for taking the time to read this post...

I need to get two public IP address from my ISP... one for the firewall and the other one for the email server... the present firewall I am using right now is IP COP. However, IP COP has what they call the orange card.. which basically is a DMZ of the single IP address the firewall gets... or I do not want to do DMZ...

I wanna have two public IP, one hosted on the firewall so that I could use to do all kind of port forwardings to other servers running inside the lan also to the Video Conf. system and another public IP for the server that would be running the web and email server.

following me then?

so I don't think this is possible with IP COP... so I was wondering, do you guys have any other suggestions?

thank you

rigel

Uncle Toxie · November 6, 2006

If you want two public facing IPs your going to have to get your ISP to give them to you, and they are going to want more money from you. You may be better off doing port forwarding to your e-mail server as well. Do you know if the IP you have now is static? If you want to run an e-mail/web server you will probably want a static IP, unless you want to mess with something like DynDNS.

debianuser · November 6, 2006

If you want two public facing IPs your going to have to get your ISP to give them to you, and they are going to want more money from you. You may be better off doing port forwarding to your e-mail server as well. Do you know if the IP you have now is static? If you want to run an e-mail/web server you will probably want a static IP, unless you want to mess with something like DynDNS.

having two ip and paying for it is not a problem...

the server will be hosting the domain, i doubt i should do a port forwarding in that case

my question is more that I need another firewall solution in order to assign those two public IP address to the different network cards

thanks

stingwray · November 6, 2006

If IP Cop is any good then you should be able to set it up to forward all data for the second public IP address to a computer on your home network or DMZ.

I know Monowall does this so I don't see why not IP Cop shouldn't.

debianuser · November 6, 2006

If IP Cop is any good then you should be able to set it up to forward all data for the second public IP address to a computer on your home network or DMZ.
I know Monowall does this so I don't see why not IP Cop shouldn't.

so let's say I got this two public IP 87.0.0.0 and 89.0.0.0

so my firewall still is 87.0.0.0 but then I do a DMZ of the IP 89.0.0.0 to the internal mail server?

is that what you meant?

thanks a lot guys!

Uncle Toxie · November 6, 2006

Is the machine that you are running the firewall on also your router? You will need to put your routes and then make sure that the system your running mail on sits in front of the firewall, like Stinwray said.

I haven't had the pleasure of running a mail server yet but I think that rather than placing the entire box in a DMZ you can just route that traffic through the firewall, on the second IP, to your server. There really are a lot of different ways to set it up, just depends on your needs and wants. I'd love to hear how it works out for you and how you end up setting it up, keep us posted.

burn · November 7, 2006

According to this article, IP Cop supports a DMZ:

http://www.howtoforge.com/perfect_linux_firewall_ipcop_p2

That looks like it walks you through setting everything up quite nicely.

I like how they give each zone a color depending on it's threat level.

debianuser · November 7, 2006

Is the machine that you are running the firewall on also your router? You will need to put your routes and then make sure that the system your running mail on sits in front of the firewall, like Stinwray said.
I haven't had the pleasure of running a mail server yet but I think that rather than placing the entire box in a DMZ you can just route that traffic through the firewall, on the second IP, to your server. There really are a lot of different ways to set it up, just depends on your needs and wants. I'd love to hear how it works out for you and how you end up setting it up, keep us posted.

Ya I think I will keep my present public IP address and just do a port forwarding on port 25 to the mail server... the domain will be hosted on the mail server and if needed of a webserver, i will just add a port 80. I am just thinking that it won't be necessary to have a second public IP address.

thanks lads for the help

burn · November 7, 2006

It's not a good idea to have your Internet facing servers on your internal network. You'd be better off putting them in a DMZ, separated from your internal machines.

VaKo · November 7, 2006

Only if you have a true DMZ, the ones found on home user routers don't work like a real DMZ.

burn · November 7, 2006

Only if you have a true DMZ, the ones found on home user routers don't work like a real DMZ.

Yeah, but he's using IP Cop, which does offer a true DMZ.

VaKo · November 7, 2006

More of a heads-up to anyone reading this and thinking about doing the same on a smaller scale than directly to do with this thread.

Sign In

firewall

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Recently Browsing 0 members