Two WAN for two separate networks and public IP

Hello,

I just want to know if the theory I have is technically possible:

I have a VMware virtual environment hosted at Hetzner.

I want to use separate public IPs for the webserver and the internal network.

The important part is that both IPs need their own MAC, otherwise the hoster would block the internet access.

Both interfaces will have the same gateway and netmask.

Here's a OneDrive link:
https://lpggermany-my.sharepoint.com/:i:/g/personal/m_duerre_lpggermany_de/EaU_stl4BnZDoQrbTA-b17cBWfPgo3AvP7JG8P1cWS567A?e=y3yqbE

The idea is that if the webserver should be attacked, it would not affect the other services.

Thank You!



  • FormerMember

    Hi Matthias, welcome to Sophos Community.

    You can configure the primary IP on the WAN interface and the other one (second IP) as an Alias IP on the same interface. This way you'll have two separate IPs and both of them will have MAC addresses (the Alias IP will share the MAC of the physical interface).

    To create an Alias IP, follow this one: https://support.sophos.com/support/s/article/KB-000036735?language=en_US (except for the DNAT part)

    Assuming you have v18 of SFOS, you need to create two separate NAT rules to MASQ the server and other traffic via their separate IPs.

    Posting a few snapshots according to your network diagram here:

    NAT rule for your WebServer:



    NAT rule for the Internal Network:



    This way you can NAT outgoing requests coming from specific IP/Networks to required IPs.

  • Hello,

    the problem is, if I use the alias, the second IP would have no internet connection.

    The hoster dictates that each IP which will communicate to the Internet must have their own MAC assigned.

    So I think a second gateway should be the right way, but I'm not sure how to configure the firewall.

    I successfully created the second gateway, which is online, but how do I tell the firewall to use this for the webserver's internal network?