Dual gateway firewalls

S

SYROB

What is this storage?
Joined
Apr 15, 2002
Messages
58
Hi,

Is it possible to set up a dual firewall router setup with a cable modem. We have a 41 and 81 Linksys router FW and want to have them connected in series with full FW protection for each individually. The first one (connected directly to the cable modem) will be DMZed for one server which will be alone on the router so if it is hacked the second router (down stream) will protect the rest of the network ? How to do this ?

SYROB :D
 
Buck

Buck

Storage? I am Storage!
Joined
Feb 22, 2002
Messages
4,514
Location
Blurry.
Website
www.hlmcompany.com
This shouldn't be a problem SYROB. Connect the first router to your cable modem (WAN). Connect your server to one of the internal LAN connectors on the router's switch. Set the router up to accept an IP address from your ISP and you can either set it to DHCP or static for the private network you just created for your server.

Then attach your second router to one of the other LAN ports on the first router's switch. Plug that cable into your second router's WAN port. It will use an IP address from the first router. Then set up the private network on the second router to DHCP or static.

You can daisy chain several routers in this fashion. The connections would look like this:
(cable company)ISP-->WAN(first router)
(first router)LAN-->WAN(second router)

. . . remember, the connection from your ISP is really a LAN for them. That is why as you daisy chain, you just continue to link LAN to WAN, LAN to WAN, etc.
 
C

Cliptin

Wannabe Storage Freak
Joined
Jan 22, 2002
Messages
1,206
Location
St. Elmo, TN
Website
www.whstrain.us
One thing to be aware of is if you set both routers to DHCP serve then they are likely to hand out addresses on the same subnet by default. You need to make sure that they are handing out addresses on different subnets either by designating one of them specificly and not using default or using static for the NAT of the first firewall.
 
J

James

Storage is cool
Joined
Jan 24, 2002
Messages
844
Location
Sydney, Australia
Yes, you definitely want NAT turned off on the first router or Things Will Go Badly.

In general, I think these integrated firewall/router units are pretty good - I don't know how much extra protection you're getting by putting two in series. You should probably be more concerned about outgoing traffic from your LAN, ie. worms and trojan horses.
 
blakerwry

blakerwry

Storage? I am Storage!
Joined
Oct 12, 2002
Messages
4,203
Location
Kansas City, USA
Website
justblake.com
I agree with the limited protection of 2 vs 1 home router...

on my D-link 704 you can put different computers (by individual or ranges of IP's) into seperate groups... each group has their own rules on what goes in and what goes out... I would think linksys 4 port would have this feature as well(considering it was 20% more expensive)..
 
You must log in or register to reply here.
Top