I am researching some solutions for a Debian based firewall and looking for comments, thoughts, etc.
I will be setting up a redundant VPN firewall (i.e. two systems running Debian 3.0, with the latest kernel/openswan
and possibly grsecurity, with HA managing the monitoring/failover). The two systems will have several external IP addresses assigned to them, for the various services of the systems they are protecting.
I need, initially, to keep 4 networks behind the firewall separated. I have a Layer 2 switch, to which all the (internal) systems will be connected, that supports VLANs. I was looking at setting up VLANs for each network on the switch and configuring VLANs on the firewalls' internal interface. I've not done this on Linux before and am wondering how complex this would be to accomplish, given that there would be two firewalls. I think it would be simpler to purchase additional NICs for the firewalls (one per network), but this would limit how many separated networks could be protected by the firewalls. Below is my attempt at an ASCII diagram of what I need to accomplish.
Thanks in advance.
              Inet
                |
          |-----------|
         fw0         fw1
          |           |
    LAN0----Switch0----LAN3
          |           |
        LAN1        LAN2
Sean McAvoy Network Analyst Megawheels Technologies Inc.
Phone: 416.360-8211 x242 Fax: 416.360.1403 Cell: 416.616.6599
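As an added example (not part of Sean's post, and using the iproute2 and nftables tools of a current Debian rather than the vconfig/iptables of the Debian 3.0 era), here is a script that generates the sub-interface and forward-policy configuration for the VLAN-per-network design; the interface names, VLAN IDs and subnets are assumed values:

```shell
#!/bin/sh
# Added example (not from the original post): emit the configuration for a
# VLAN-per-LAN firewall design: one 802.1Q sub-interface per protected network
# on the inside NIC, plus an nftables forward policy that lets each LAN reach
# the Internet but never another LAN. Interface names, VLAN IDs and subnets
# below are assumed values, not from the post.
INSIDE_IF=eth1    # trunk toward Switch0 (assumed name)
OUTSIDE_IF=eth0   # Internet-facing NIC (assumed name)

# vlan_cmds VID ADDR/CIDR : iproute2 commands creating sub-interface INSIDE_IF.VID
vlan_cmds() {
    vid=$1; addr=$2
    printf 'ip link add link %s name %s.%s type vlan id %s\n' \
        "$INSIDE_IF" "$INSIDE_IF" "$vid" "$vid"
    printf 'ip addr add %s dev %s.%s\n' "$addr" "$INSIDE_IF" "$vid"
    printf 'ip link set %s.%s up\n' "$INSIDE_IF" "$vid"
}

# forward_policy VID... : nft ruleset; default drop, so LAN-to-LAN traffic is
# refused and logged (the log line is what you watch for when testing isolation).
forward_policy() {
    printf 'table inet fw {\n  chain forward {\n'
    printf '    type filter hook forward priority 0; policy drop;\n'
    printf '    ct state established,related accept\n'
    for vid in "$@"; do
        printf '    iifname "%s.%s" oifname "%s" accept\n' \
            "$INSIDE_IF" "$vid" "$OUTSIDE_IF"
    done
    printf '    iifname "%s.*" oifname "%s.*" log prefix "inter-vlan: " drop\n' \
        "$INSIDE_IF" "$INSIDE_IF"
    printf '  }\n}\n'
}

# render_config "VID:ADDR/CIDR ..." : full dry-run output for all LANs;
# run the same script on both fw0 and fw1 (each with its own addresses).
render_config() {
    vids=""
    for spec in $1; do
        vlan_cmds "${spec%%:*}" "${spec#*:}"
        vids="$vids ${spec%%:*}"
    done
    forward_policy $vids
}

# Example: four separated networks on VLANs 10,20,30,40 (constructed values)
# render_config "10:10.0.10.1/24 20:10.0.20.1/24 30:10.0.30.1/24 40:10.0.40.1/24"
```

Pipe the output into `sh` and `nft -f -` on each node once it looks right; the switch port facing each firewall must be configured as an 802.1Q trunk carrying the same VLAN IDs.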