I have been asked to come up with a suggestion about how to implement a website for an organization.

The website itself is fairly small, only about static 150 pages. Of these pages about 60 should be for internal use only and the rest should be public. The pages are updated rarely.

The organization has about 900 members and all of them are blessed with fixed class A IP address organized in 8 subnets. The organization can make moderate investments but has next to zero IT administration resources and knowledge.

My idea is to propose a Linux based solution.

The website itself should be fairly straight forward with Linux and apache.

For the internal pages I have an idea that I could use a firewall to filter the web pages based on the users IP address. Since I know the addresses of all members I could use these as key to the internal pages thereby cutting away the need of user-ID/password or something similar for the members to use to access the internal pages.

Preferably it should be a bastion server containing all the functions.

The workload will probably be fairly moderate so a solution with a fairly high end server using Xen to separate web server and firewall, maybe even put a proxie server in between, cashing the pages (that should bump up security), should also be possible.

Maybe there is a much easier way to implement this? I don't want to shoot myself in the foot by suggesting something that is difficult to implement. If I do, I'm sure someone will decide we should go for an IIS/ISA solution even if it will be horribly expensive.

Also, any suggestions about potential pitfalls are appreciated.

I'm no apache guru, but you should be able to restrict access locally at the directory or virtual host level within apache. Something like