请帮帮忙!
ISP给了我16个以太网链接和16个公共IP。 如何设法将防火墙放在其他IP之前?
===================================
[ISP]
100.100.100.161/255.255.255.240
===================================
===================================
[FIREWALL_FREEBSD]
rl0=100.100.100.162/255.255.255.240
rl1=192.168.0.2/255.255.255.0
gateway=100.100.100.161
===================================
===================================
[SERVER THAT SHOULD STAY BEHIND THE FIREWALL]
rl0=192.168.0.20/255.255.255.0
gateway=192.168.0.2
===================================
答案 0 :(得分:0)
好吧,我解决了将16个IP分成2个块并要求ISP将第二个块的数据包路由到我自己的防火墙的任务。
所以在第1块(ISP的同一网)上,它位于我的防火墙
在第2块(与ISP的段无关,只能通过我的防火墙访问)我可以放置我的服务器。
ISP route: 100.100.100.168/29 ==> 100.100.100.169
[ISP list of my IP addresses]
100.100.100.160/255.255.255.248 = begin of block 1
100.100.100.161/255.255.255.248 = ISP gateway
100.100.100.162/255.255.255.248 = my firewall FreeBSD (rl0)
100.100.100.163/255.255.255.248
100.100.100.164/255.255.255.248
100.100.100.165/255.255.255.248
100.100.100.166/255.255.255.248
100.100.100.167/255.255.255.248 = end of block 1
-------------------------------
100.100.100.168/255.255.255.248 = begin of block 2
100.100.100.169/255.255.255.248 = my firewall (rl2)
100.100.100.170/255.255.255.248
100.100.100.171/255.255.255.248
100.100.100.172/255.255.255.248
100.100.100.173/255.255.255.248
100.100.100.174/255.255.255.248
100.100.100.175/255.255.255.248 = end of block 2
[FIREWALL_FREEBSD]
rl0=100.100.100.162/255.255.255.248 (on same net of block1)
rl1=192.168.0.2/255.255.255.0 = (local network)
rl2=100.100.100.169/255.255.255.248 = (gateway for my servers)
rl2=100.100.100.170/255.255.255.248 = my server 1
rl2=100.100.100.171/255.255.255.248 = my server 2
rl2=100.100.100.172/255.255.255.248 = my server 3
)
[SERVER BEHIND THE FIREWALL]
rl0=100.100.100.170/255.255.255.248
gateway=100.100.100.169 (my firewall)