This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Can someone verify my setup?

Hi,

I am planning my network prior strating to mess up with cables and setups. I would appreciate if someone could verify if my plan is correct.

Network: xx.x.x.192
Netmask: 255.255.255.224
Router: xx.x.x.193

ASL Box:
eth0 (LAN): 192.168.0.1/255.255.255.0
eth1 (DMZ): xx.x.x.222/255.255.255.224
eth2 (Ext): xx.x.x.194/255.255.255.224

eth2 connected with a cross-over cable directly to the Router, which is it's default gateway. eth0 goes to the LAN hub. eth1 goes to the DMZ swithch. Servers on the DMZ will occupy the 195-221 IP range with netmask 255.255.255.224.

Do I have to enable the ARP option on any of the interfaces?
Do I use DNAT or SNAT for web servers on DMZ?
Do I use DNAT or SNAT for mail server on DMZ (or SMTP proxy)?
Do I user DNAT or SNAT for DNS server (primary, sends zone transfers to secondary in a different location) or DNS proxy?

Thanks for helping,
Maurice

This thread was automatically locked due to age.

0 tom_01 over 23 years ago

Looks almost good.

If the router puts the .192/.224 network on the ethernet between itself and the ASL, you need proxy ARP on the external interface.

see the FAQ #4008
http://docs.astaro.org/asl-faq.pl#4008

/tom
Cancel
Vote Up 0 Vote Down

Cancel