shorewall with 2 external static ips and DMZ
At present, I have 2 external static IPs, one of which, eth0, is the usual gateway for the internet and the second is another site which will be an IP based virtual host to provide SSL security later. These 2 IPs run from ADSL through a hib to their respective ethernet cards.
The server has 3 additional ethernet cards: eth2 handles traffic for 2 name-based virtual hosts, eth3 handles mail services for all users, and eth4 is totally off limits to internet users.
Connectivity has not been a problem, nor has local DNS.
Now its about the firewall ......
What I have tried to do first was divide traffic by type, which creates 2 dmz areas (eth2 and eth3) as well as internal lan networks (192.168.0.0, 192.168.1.0, 192.168.2.0 and 192.168.3.0)
This permits an easier migration of developing sites to dedicated colo servers later on.
It seems I should be able to adapt the 'three-interface firewall' in shorewall's documentation.
The only potentially 'messy' area is in the Proxy ARP (or DNAT) setup, as I see it.
Am I heading for an unseen cliff????
Any thoughts or suggestions would be most welcome.