Hello,
New to Astaro and just polishing off my first install...so far so good outside of a few small hiccups.
Dedicated P4 machine with a gig of RAM and 2 NICs.
I have this set up on a DSL line running in bridged mode and letting the Astaro handle a PPPoE login. This works and successfully pulls up the gateway address of 71.216.XX.XX/32
I also have a /29 block of IPs which I have added to the external interface menu as 71.216.XX.XX/32 for each of the 5 routable addresses.
Right now the internal network is running on 10.0.0.0/24 with servers in the static IP range and DHCP clients assigned above .100
I have NAT rules and packet filters set up that are allowing web traffic in to the servers by looking at which external IP the traffic came in on and then routing it to the right server on the inside. All is well.
Here is where I got stuck...I have an SSL cert issued to one of my servers on a public IP...I have the packet filter set up for HTTPS and a NAT rule for the server, but I think it is breaking since the traffic isn't matched to the right IP all the way through.
Is this where SNAT comes in? or ???
Before, this was set up on a SOHO gateway that had a bridge between the 10. and the 71. networks. It worked but was less than ideal as it tried to achieve all of its routing and firewall rules based solely on MAC addressing. Sounds like a good idea until you have multiple IPs and rules on a single server...and then it becomes a nightmare! After several successive ISP firmware updates that completely wiped out all of the settings (no backup features either...nice!) I have decided that it's time to move far far away from ISP controlled hardware.
I am open to suggestions to improve the setup any way possible. DMZ is a phrase that gets thrown around frequently on the forums...is this a setup I could better utilize? What's the best way to go about setting it up...another NIC in the Astaro box I get...but where from there.
Thanks in advance-
JH