"Transparent" Mode in IPCop / smoothwall / MNF (real IP inside firewall)

 
 
jcychk@gmail.com

 
      07-22-2005, 06:43 AM

Currently I want to replace my firewall (SonicWall) in the data center, as
it was configured in "transparent" mode as follows.


                      Public
                        |
                        |
            Firewall (123.456.789.10)
                        |
      +-----------------+-----------------+-----------------+
      |                 |                 |                 |
     Web1              Web2              Ftp1              Ftp2

IP:   123.456.789.11    123.456.789.12    .13               .14
Gw:   123.456.789.10    .10               .10               .10


It means all the servers inside the firewall are using real/public IPs,
instead of the 192.168 internal IPs.
And I can still control the port opening of .11 to .14 in the rule
setting interface.


I have searched through all the forums and still can't get answers to
the following.


1. Can IPCop / smoothwall / MNF support the above setting --
"transparent" mode? If yes, how do I set it?

2. I am not sure whether the above servers should be put in the LAN
(internal) or the DMZ?

The purpose of the firewall is to protect the servers and port
forwarding only.

 
 
 
 
 
Fred Dehmel

 
      07-22-2005, 08:19 AM
(E-Mail Removed) wrote:
> Currently I want to replace my firewall (SonicWall) in the data center, as
> it was configured in "transparent" mode as follows.
>
>
>                       Public
>                         |
>                         |
>             Firewall (123.456.789.10)
>                         |
>       +-----------------+-----------------+-----------------+
>       |                 |                 |                 |
>      Web1              Web2              Ftp1              Ftp2
>
> IP:   123.456.789.11    123.456.789.12    .13               .14
> Gw:   123.456.789.10    .10               .10               .10
>
>
> It means all the servers inside the firewall are using real/public IPs,
> instead of the 192.168 internal IPs.
> And I can still control the port opening of .11 to .14 in the rule
> setting interface.
>
>
> I have searched through all the forums and still can't get answers to
> the following.
>
>
> 1. Can IPCop / smoothwall / MNF support the above setting --
> "transparent" mode? If yes, how do I set it?
>
> 2. I am not sure whether the above servers should be put in the LAN
> (internal) or the DMZ?
>
> The purpose of the firewall is to protect the servers and port
> forwarding only.
>

Hi,

I think all of these servers belong in the DMZ.
IPCop and Smoothwall are not able to do this for you, because they
cannot work with the same IP on the orange NIC as on the red NIC.
Corporate Firewall from Smoothwall and MNF can do it.
Corporate Firewall is a commercial product (I love it). I don't know if
MNF is a commercial product; it was available as a free version, too, I
think. I don't know if MNF is still available as a free version. Perhaps
someone else knows?

Fred
 
 
Philippe WEILL

 
      07-22-2005, 11:45 AM


(E-Mail Removed) wrote:
> Currently I want to replace my firewall (SonicWall) in the data center, as
> it was configured in "transparent" mode as follows.
>
>


We do this with the Devil-Linux distribution

www.devil-linux.org

You could use fwbuilder to configure your rules.

Use the bridge module,
add the interfaces to the bridge,
add an IP to the bridge if you need one, and you have the same setup.
 
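The bridge setup from the reply above, written out with current iproute2 and iptables commands as an added example; it is not part of the original post and not Devil-Linux's or fwbuilder's own output. The interface names eth0, eth1 and br0 and the 203.0.113.x documentation addresses are assumptions standing in for the thread's addresses, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: dry run by default; set APPLY=1 (as root) to execute.
# Assumed names: eth0 = public side, eth1 = server side, br0 = bridge.
# Addresses are constructed from the 203.0.113.0/24 documentation range.
WAN_IF=eth0; SRV_IF=eth1; BR=br0
MGMT_IP=203.0.113.10/24
# "server-address:tcp-port" pairs reachable from the public side
POLICY="203.0.113.11:80 203.0.113.12:80 203.0.113.13:21 203.0.113.14:21"

run() {  # print the command; execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

bridge_firewall() {
    # 1. bridge module and bridge device, then attach both NICs
    run modprobe br_netfilter    # lets iptables see bridged IP frames
    run sysctl -w net.bridge.bridge-nf-call-iptables=1
    run ip link add name "$BR" type bridge
    for nic in "$WAN_IF" "$SRV_IF"; do
        run ip link set "$nic" master "$BR"
        run ip link set "$nic" up
    done
    # 2. optional management address on the bridge itself
    run ip addr add "$MGMT_IP" dev "$BR"
    run ip link set "$BR" up
    # 3. filter bridged traffic: default deny, then one pinhole per server
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for entry in $POLICY; do
        run iptables -A FORWARD -m physdev --physdev-in "$WAN_IF" \
            -p tcp -d "${entry%:*}" --dport "${entry##*:}" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # FTP data connections additionally need the conntrack FTP helper (not shown).
    # Servers may open outbound connections; tighten this as needed.
    run iptables -A FORWARD -m physdev --physdev-in "$SRV_IF" -j ACCEPT
}

bridge_firewall
```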
 
jnitron

 
      08-09-2005, 04:04 AM
On 21 Jul 2005 23:43:57 -0700, (E-Mail Removed) wrote:

>
>Currently I want to replace my firewall (SonicWall) in the data center, as
>it was configured in "transparent" mode as follows.
>
>
>                      Public
>                        |
>                        |
>            Firewall (123.456.789.10)
>                        |
>      +-----------------+-----------------+-----------------+
>      |                 |                 |                 |
>     Web1              Web2              Ftp1              Ftp2
>
>IP:   123.456.789.11    123.456.789.12    .13               .14
>Gw:   123.456.789.10    .10               .10               .10
>
>
>It means all the servers inside the firewall are using real/public IPs,
>instead of the 192.168 internal IPs.
>And I can still control the port opening of .11 to .14 in the rule
>setting interface.
>
>
>I have searched through all the forums and still can't get answers to
>the following.
>
>
>1. Can IPCop / smoothwall / MNF support the above setting --
>"transparent" mode? If yes, how do I set it?
>
>2. I am not sure whether the above servers should be put in the LAN
>(internal) or the DMZ?
>
>The purpose of the firewall is to protect the servers and port
>forwarding only.


Hi,
The public IPs you list should be left on the red I/F. Only one of
the public IPs will be the "real" IPCOP red I/F; all the others will
be added as aliases.
Add the aliases first.
Each IP should have an associated port forwarding rule (or rules) for
the particular server, which can be in either the DMZ (orange) or LAN
(green) zone. The GW address for the servers will be the IPCOP orange
or green I/F address.

This setup will operate "transparently". Machines in the public IP
range will see your servers on the designated ports.

Green or orange is up to you. If you use orange it will be more
secure, since your servers are kept out of the green zone and must
communicate with it (if required) through DMZ pinholes. The idea is
that if one or more of your servers gets compromised, it will be
prevented from attacking your green zone.

Public
|
Firewall (123.456.789.10)
|
IPCOP ...GW 123.456.789.10 (DNS can be same if Firewall forwards)
|
Red   123.456.789.11:80 ----> port fwd web1
alias 123.456.789.12:80 ----> port fwd web1
alias 123.456.789.13:21 ----> port fwd ftp1
alias 123.456.789.14:21 ----> port fwd ftp2
|
IPCOP Green 192.168.1.1
|
web1 192.168.1.2 GW 192.168.1.1
web2 192.168.1.3 GW 192.168.1.1
ftp1 192.168.1.4 GW 192.168.1.1
ftp2 192.168.1.5 GW 192.168.1.1

If you need more specifics, please reply.
Use IPCOP... it's free, works well and deserves support.


 
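The alias-plus-port-forward layout from the reply above, expressed as plain iptables as an added example; it is not part of the original post and not IPCop's own rule set. It assumes one public address per server, the orange (DMZ) placement, the interface names eth0/eth1/eth2, an orange subnet of 192.168.2.0/24 and constructed 203.0.113.x public addresses; it prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: prints the commands; set APPLY=1 (as root) to execute them.
# Assumed names: eth0 = red (public), eth2 = orange (DMZ), eth1 = green (LAN).
# Public addresses are constructed (203.0.113.0/24 documentation range).
RED_IF=eth0; ORANGE_IF=eth2; GREEN_IF=eth1
ALIASES="203.0.113.12 203.0.113.13 203.0.113.14"   # red itself is 203.0.113.11
# public-address:port=private-server (orange subnet 192.168.2.0/24 is assumed)
FORWARDS="203.0.113.11:80=192.168.2.2 203.0.113.12:80=192.168.2.3
203.0.113.13:21=192.168.2.4 203.0.113.14:21=192.168.2.5"

run() { echo "$*"; if [ "${APPLY:-0}" = 1 ]; then "$@"; fi; }

port_forward_plan() {
    # aliases first, so red answers ARP for every public address
    for ip in $ALIASES; do
        run ip addr add "$ip/24" dev "$RED_IF"
    done
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # one DNAT rule per public address and port
    for f in $FORWARDS; do
        pub=${f%%=*}; srv=${f#*=}
        run iptables -t nat -A PREROUTING -i "$RED_IF" -p tcp \
            -d "${pub%:*}" --dport "${pub#*:}" -j DNAT --to-destination "$srv"
    done
    # only connections that matched a DNAT rule may enter orange
    run iptables -A FORWARD -i "$RED_IF" -o "$ORANGE_IF" \
        -m conntrack --ctstate DNAT -j ACCEPT
    # explicit deny: a compromised DMZ server cannot open connections to green
    run iptables -A FORWARD -i "$ORANGE_IF" -o "$GREEN_IF" -j DROP
}

port_forward_plan
```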
 
 
 