I believe I am having Firewall issues and need to do some testing to find out for sure.

I have two servers having issues when connecting to users in the outside world.

Server 1: CentOS 5.7, single hardware ethernet interface, single eth0 interface configured on the system with a private IP (192.168.x.x). This puts it behind the firewall (Cisco PIX 506, it's old but can't replace right now).

Server 2: CentOS 5.7, single hardware ethernet interface, multiple eth0 interfaces (virtual) configured on system each with a single private IP (eth0, eth0:1, eth0:2, etc.). This puts the box behind the firewall as well.


The physical cabling of the system would technically allow me to just change IP addresses on the servers and 'move' them outside the firewall. However, the firewall is configured to push all network traffic from the LAN to the public IPs back to the private IPs, so changing the IP addresses would require reconfiguring the firewall and I am offsite and cannot get access to configure the fireall.

Can I set up virtual interfaces on the servers to accomodate the public IP and get the desired effect of giving the outside world more direct access to the boxes, while still allowing the LAN to get to them via private IP?

Would this create any routing issues or anything like that?

This is mainly for testing purposes to see if the Firewall is in fact my issue for these boxes, once I have my answer I will either put it back the way it is now or actually change all the IPs and then reconfigure the firewall next time I am on-site. I would assume that having both a public and a private IP is not a generally accepted practice for a server, but if I can do it for testing and get reliable results for a few days then that will be a big help.

What exactly are you trying to accomplish here?

Keep in mind that the firewall separates networks, not computers. The actual IPs are not relevant, except that private IPs won't propagate through your uplink. The computers are not behing the firewall because of their IPs, but if you are using DHCP, they'll have those IPs because they are at that network (that happens to be behind the firewall)

You can have a computer plugged to both networks, but you'll need two physical interfaces for that, so you can plug it on both networks. You can configure your firewall to let an external computer access internall addresses, so you can plug one computer only at the external network, but you'll need an address for it, added to the public address of your NAT box (probably the same box as the firewall). Any way you do that, you just can't solve it by setting virtual interfaces at the computers, you need to actualy plug them at the external network somehow.

Maybe you should seek help for the issue you are having with the firewall instead.