fcthoresen
IS-IT--Management
We currently have a small office network that looks like the following.
DSL--DSLModem--eth0/2514/eth1--hub(LAN)
             |                  |
          SMTP/Web           Exchange
                              Users
We have 10 static (public) IPs from our ISP. They are being used on the DSLModem, the web and email servers and eth0 on the 2514.
We are not running any internal DNS, we rely on our ISP's.
I would like to make this design more secure and have looked into the following options.
1) Add a firewall after the DSL Modem (Must do!)
2) Move everything including the web/email behind the 2514 router (private side)
My problems relating to this are that I don't quite know how to get either of these options to work. I have a small class C subnet that has been provided to us from our ISP (10 addresses).
Can the firewall be set up to have IPs, one on each interface, that are in the same subnet? In which the firewall rules will govern which traffic will be passed through it?
Can the email and web servers be moved to the private side of the network, in which case port forwarding would be set up on the Cisco 2514 for those services? Would the web/email servers have the same IP addresses in their DNS entries provided by my ISP, which in turn would be the IP address of the Cisco router as well? Thereby having only 1 visible address to the outside world.
As it stands now, the hack design we have works OK but is very insecure. I have also recently tried to eliminate the open relay on my SMTP server, but I haven't been able to fix it completely.
My apologies for the long posting, but I have not been able to find information that is helpful in these basic areas on the web or in any books.
Thanks.