
Hardware - External Firewalls

Discussion in 'General Discussion' started by sarcym, Nov 6, 2004.

  1. sarcym

    I've been thinking of implementing a hardware firewall into my network and am trying to work out the best approach to get this up and running - I have a few questions that I can't seem to get my head around, hence finding this forum and posting my questions :)

    Basically, here is what I want to achieve with my understanding thus far

    1. Install a firewall server running Linux / iptables or something like smoothwall (maybe even the corporate version which integrates multiple external interface support by default) http://community.smoothwall.org/forum/viewtopic.php?t=4820
    This server / firewall will be protecting my entire network, which includes several servers running cPanel and other servers that don't run cPanel.

    My understanding is this

    The firewall would be accessible via an external (public IP, say eth0 123.123.123.123)
    All of the current public IPs in use on the existing servers in my network would be added to the firewall server eth0:1 eth0:2 etc etc. These would be my publicly accessible IPs.

    My internal (NAT) network 10.0.0.0/24 for example would be subnetted and the network configurations on all machines (other than the firewall box) changed to their new NAT IPs rather than the currently publicly accessible IPs.

    The firewall server would be forwarding public IPs (123.123.123.124 etc etc) to the NAT IPs 10.0.0.2 10.0.0.3 etc etc and ports as required.

    Is this the correct way to do this?

    My real question relates to the setup of cPanel: would I need to reconfigure all of my virtualhosts and IP configurations on each machine to use the internal network IPs (10.0.0.x), rather than the current public IPs?

    This seems like it would be confusing for users, as the IPs listed within the control panels would no longer be the real publicly accessed IPs - they would be the 10.0.0.x IPs that aren't accessible.

    Will cPanel run like this for licensing purposes? I know that the server must be accessible via a public IP, it would be, but the eth0 device on each server would need to be a 10.0.0.x and the real public IP forwarded to that address from the firewall machine - will this work?

    Sorry for all of the questions, I can't seem to get my head around the whole picture, it seems very simple and yet complicated too :) If anyone can lend a hand and explain some of this or offer a solution for external firewalling, I'm sure it would benefit not only myself but a few others too as I can't seem to find much info on this subject.

    Thank you for your input.
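
The forwarding layout described in the post above, sketched as a generated iptables ruleset. This is an added example, not part of the original post: the internal interface `eth1`, the port lists, the second mapping and the SSH management rule are assumptions, and the script only prints rules without applying them.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the 1:1 NAT layout
# in the post. It only prints; nothing is applied to the running system.
# Assumptions (not from the post): eth1 as internal interface, the port
# lists, the second mapping, and SSH management from the inside only.
EXT_IF=eth0            # public side, holds the aliased public IPs
INT_IF=eth1            # assumed internal interface
INT_NET=10.0.0.0/24    # internal network from the post

# Constructed sample input: "public_ip private_ip tcp_ports"
MAPPINGS='123.123.123.124 10.0.0.2 80,443
123.123.123.125 10.0.0.3 25,80,443'

nat_rules() {
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        # Inbound: rewrite the public destination to the internal host.
        echo "-A PREROUTING -i $EXT_IF -d $pub -p tcp -m multiport --dports $ports -j DNAT --to-destination $priv"
        # Outbound: the host leaves with its own public IP, not the firewall's.
        echo "-A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
    done
}

forward_rules() {
    printf '%s\n' "$MAPPINGS" | while read -r pub priv ports; do
        # After DNAT the packet carries the private destination address.
        echo "-A FORWARD -i $EXT_IF -o $INT_IF -d $priv -p tcp -m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules() {
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':INPUT ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    nat_rules
    printf '%s\n' 'COMMIT' '*filter' ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport 22 -j ACCEPT" \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    forward_rules
    # Internal hosts may open outbound connections; all else is dropped.
    printf '%s\n' "-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT" 'COMMIT'
}

gen_rules
```

The firewall host also needs `net.ipv4.ip_forward=1` for any of this to pass traffic, and the printed ruleset can be syntax-checked with `iptables-restore --test` before it is loaded.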
     