On Thu, Jan 20, 2005 at 09:52:33AM -0500, Leonard Isham wrote:
> On Thu, 20 Jan 2005 09:48:05 -0500, Kanwar Ranbir Sandhu
> > On Wed, 2005-19-01 at 17:23 -0500, Leonard Isham wrote:
> > > Internet
> > >    |
> > > DSL Modem or Internet Router
> > >    |
> > > Firewall----Tenant-2
> > >    |
> > > Tenant-1
> > >
> > > Firewall each tenant from the other tenants. Give each tenant a
> > > different RFC 1918 address range. Use a Switch capable of trunking,
> > > and an Ethernet card capable of trunking in the firewall to allow
> > > multiple VLANs on one physical connection.
> >
> > I actually considered something like this, but what about those tenants
> > that require a public IP? Wouldn't a separate NIC be required on the
> > firewall to bridge the connection for each tenant? In that case, PCI
> > slots would eventually run out (or there may be IRQ conflicts).
> >
>
> On my previous post:
>
> "Use a Switch capable of trunking, and an Ethernet card capable of
> trunking in the firewall to allow multiple VLANs on one physical
> connection."
>
> Trunking puts multiple VLANs on the same physical Ethernet cable.
> Each VLAN is a separate subnet.
>

What about...

Internet
   |
Cable-DSL Modem
   |
Network-N-port-HUB
|  |  |  |
|  |  |   \
|  |  |    \
|  |  |     CustomerFixedIP
|  |  |
|  |   \
|  |    \
|  |     \
|  |      \
|  |       FixedIP4
|  |       YourRouterFirewall-NAT
|  |          |
|  |       N-port-HUB
|  |       YourDHCPclients
|  |        \    \    \
|  |       Ten1 Ten2 Ten3...
|   \
|    \
|     YourServiceBox

What you place behind the modem depends on the service you purchase
in front.

There is little need to firewall the tenants from each other as long as
they are connected to a switch so packet snooping is hobbled.

-- 
T o m  M i t c h e l l
spam unwanted email.
SPAM, good eats, and a trademark of Hormel Foods.
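
The trunked layout quoted above (one VLAN and one RFC 1918 range per tenant on a single firewall NIC), as an added example that is not part of the original thread. It assumes a Linux firewall with iproute2 and iptables; the interface names, VLAN IDs and subnets are constructed, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example (not from the thread): print the configuration for a Linux
# firewall carrying one 802.1Q VLAN per tenant on a single trunk NIC.
# Assumptions: WAN side is eth0, trunk to the switch is eth1, and the
# VLAN IDs / subnets below are constructed sample values.
WAN=eth0
TRUNK=eth1
# One "vlan-id:gateway/prefix" entry per tenant, each in its own RFC 1918 range.
TENANTS="10:192.168.10.1/24 20:192.168.20.1/24 30:192.168.30.1/24"

gen_plan() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default deny: anything not explicitly allowed below is dropped,
    # which includes every tenant-to-tenant path.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for t in $TENANTS; do
        vid=${t%%:*}          # part before the colon: VLAN ID
        addr=${t#*:}          # part after the colon: gateway address/prefix
        ifc="$TRUNK.$vid"     # VLAN subinterface, e.g. eth1.10
        echo "ip link add link $TRUNK name $ifc type vlan id $vid"
        echo "ip addr add $addr dev $ifc"
        echo "ip link set $ifc up"
        # Tenants may only originate traffic towards the WAN interface.
        echo "iptables -A FORWARD -i $ifc -o $WAN -j ACCEPT"
    done
    # Private ranges share the single outside address.
    echo "iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE"
}

gen_plan
```

The switch port facing eth1 must be a tagged (trunk) member of the same VLAN IDs, with each tenant's ports untagged in that tenant's VLAN only.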