Re: Networking advice

On Thu, Jan 20, 2005 at 09:52:33AM -0500, Leonard Isham wrote:
> On Thu, 20 Jan 2005 09:48:05 -0500, Kanwar Ranbir Sandhu
> > On Wed, 2005-19-01 at 17:23 -0500, Leonard Isham wrote:
> > > Internet
> > >   |
> > > DSL Modem or Internet Router
> > >   |
> > > Firewall----Tenant-2
> > >   |
> > > Tenant-1
> > >
> > > Firewall each tenant from the other tenants.  Give each tenant a
> > > different RFC 1918 address range.  Use a Switch capable of trunking,
> > > and an Ethernet card capable of trunking in the firewall to allow
> > > multiple VLANs on one physical connection.
> > 
> > I actually considered something like this, but what about those tenants
> > that require a public IP?  Wouldn't a separate NIC be required on the
> > firewall to bridge the connection for each tenant?  In that case, PCI
> > slots would eventually run out (or there may be IRQ conflicts).
> > 
> 
> On my previous post:
> 
> "Use a Switch capable of trunking, and an Ethernet card capable of
> trunking in the firewall to allow multiple VLANs on one physical
> connection."
> 
> Trunking puts multiple VLANs on the same physical Ethernet cable. 
> Each VLAN is a separate subnet.
> 

What about...

              Internet
                 |
           Cable-DSL Modem 
                 |
         Network-N-port-HUB
           |   |    |   |
           |   |    |   \
           |   |    |    \
           |   |    |   CustomerFixedIP
           |   |    |
           |   |    \
           |   |     \
           |   |      \
           |   |       \
           |   |     FixedIP4
           |   |   YourRouterFirewall-NAT
           |   |            |
           |   |        N-port-HUB
           |   |       YourDHCPclients
           |   |         \      \    \
           |   |         Ten1  Ten2  Ten3...
           |   \
           |    \
           |   YourServiceBox


What you place behind the modem depends on the service 
you purchase in front.   There is little need to firewall the 
tenants from each other as long as they are connected
to a switch so packet snooping is hobbled.




-- 
	T o m  M i t c h e l l 
	spam unwanted email.
	SPAM, good eats, and a trademark of  Hormel Foods.
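
The layout described in the quoted text above (one trunked NIC on the firewall, one VLAN and RFC 1918 range per tenant, tenants firewalled from each other), as an added example that is not part of the original thread. The interface names eth0/eth1, the mapping of VLAN n to 10.n.0.0/24 and the iptables rules are assumptions; the script prints the commands and runs them only when APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread). Interface names and the
# VLAN-id-to-subnet mapping below are assumptions.
TRUNK_IF="${TRUNK_IF:-eth1}"   # NIC cabled to the switch's trunk port
WAN_IF="${WAN_IF:-eth0}"       # NIC facing the DSL modem or router

# Print each command; run it only when APPLY=1 (needs root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# VLAN n maps to 10.n.0.0/24, so n must fit in one octet.
valid_vid() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 2 ] && [ "$1" -le 254 ]
}

# tenant_net VLAN_ID: one tagged sub-interface and subnet per tenant.
tenant_net() {
    valid_vid "$1" || { echo "bad VLAN id: $1" >&2; return 1; }
    ifname="${TRUNK_IF}.$1"
    run ip link add link "$TRUNK_IF" name "$ifname" type vlan id "$1"
    run ip addr add "10.$1.0.1/24" dev "$ifname"
    run ip link set "$ifname" up
    # Tenant to Internet is allowed, and only replies come back in.
    run iptables -A FORWARD -i "$ifname" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$ifname" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

build_all() {
    for v in "$@"; do
        valid_vid "$v" || { echo "bad VLAN id: $v" >&2; return 1; }
    done
    # No rule forwards between two tenant VLANs, so the default drops it.
    run iptables -P FORWARD DROP
    for v in "$@"; do tenant_net "$v"; done
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

if [ "$#" -gt 0 ]; then build_all "$@"; fi
```

Run as `sh script.sh 10 20` to review the commands for two tenants; the switch ports for each tenant must be access ports in the matching VLAN, with the firewall port tagged for all of them.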

