Network Config (was Re: [NBLUG/talk] Changed Network)
sms at sonic.net
Fri Apr 30 13:25:59 PDT 2004
> The idea is to create two separate networks off the two high speed
> connections. The two networks should be fairly secure from one another.
> Traffic from one 192.168.0 cannot see traffic from 192.168.33.
>
> Sonic.net
> | |
> | |
> | | also forwarding necessary ports
> Balancing Router (nating 192.168.100) gateway to internet
> | |
> | | 192.168.100 network
> | Router2 (in design only-not there yet)
> | \
> | \
> | ---- 192.168.0 network (again not there yet)
> |
> Router1 192.168.33 network providing nat DHCP (to non servers) and
> | port forwarding
> |
> Switch
> | | | \
> computers
With no offense intended toward Sonic (who I regard as distinctly
"best-of-breed" among ISPs), whenever I see 2+ links to the outside
I like to place 'em with different carriers so serious errors on one
won't take you offline. What's the technology on those lines? T1?

For most purposes, I would expect you could eliminate Router1 & Router2
and place their functions onto the "balancing router" (if it has the
CPU/RAM capacity to handle all the functionality; NAT-PAT stuff can
take a lot of power). The right "ACLs" or other policies should keep
the networks separate.

If you're feeling the need of security, you've created 2 "DMZs" with
this 2-layer design (the two segments between the "balancing router" and
the "RouterN" routers), and could place your "semi-public" servers
there (I guess the 192.168.100.0/24 net is in use already? Turning it
into a DMZ may not be viable).
- Steve S.
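
The reply's point that the right ACLs can keep 192.168.0.0/24 and 192.168.33.0/24 apart on a single router depends on rule order, which the following added example (not part of the original message) checks under first-match semantics. The rule format, both rule lists, and the function names are assumptions made for illustration and do not correspond to any particular router's syntax.

```python
import ipaddress

# Subnets are the ones named in the thread. The (action, src, dst) rule format
# and both rule lists are constructed for illustration; first match wins.
LAN_A = ipaddress.ip_network("192.168.0.0/24")
LAN_B = ipaddress.ip_network("192.168.33.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

GOOD_ACL = [
    ("deny", LAN_A, LAN_B),
    ("deny", LAN_B, LAN_A),
    ("permit", LAN_A, ANY),
    ("permit", LAN_B, ANY),
    ("deny", ANY, ANY),
]
# Same rules, but the broad permits come first and shadow the denies.
BAD_ACL = GOOD_ACL[2:4] + GOOD_ACL[0:2] + GOOD_ACL[4:]

def decide(acl, src, dst):
    """Return the action of the first rule matching one src/dst address pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_src, r_dst in acl:
        if s in r_src and d in r_dst:
            return action
    return "deny"  # implicit deny when nothing matches

def leaks(acl, net_a, net_b):
    """List (rule_index, src_net, dst_net) for permits that let the two nets talk.

    Conservative: a direction counts as closed only once a single deny rule
    covers the whole src/dst pair; any overlapping permit before that is a leak.
    """
    found = []
    for src, dst in ((net_a, net_b), (net_b, net_a)):
        for idx, (action, r_src, r_dst) in enumerate(acl):
            if action == "deny" and src.subnet_of(r_src) and dst.subnet_of(r_dst):
                break  # fully covered by a deny, direction is closed
            if action == "permit" and r_src.overlaps(src) and r_dst.overlaps(dst):
                found.append((idx, str(src), str(dst)))
                break
    return found

if __name__ == "__main__":
    print("good:", leaks(GOOD_ACL, LAN_A, LAN_B))
    print("bad: ", leaks(BAD_ACL, LAN_A, LAN_B))
```
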