Thursday, February 7, 2019

vpn - Multiple static WAN IP addresses to single LAN subnet



Below is my home network topology. I currently have 5 static IP addresses, 3 of which are in use by 3 routers. These routers in turn subnet internal networks and port forward. I use my SSL VPN appliance to remote home from work or on the road. At this point I can remotely administer my Windows Server. I know the network is set up wrong; I was matching existing hardware the best I knew how.




http://storage.jessyhoule.com.s3.amazonaws.com/network_topology.jpg



OK, this said, here is the problem: one of my websites on my Windows Server now needs to be secure (SSL using port 443). However, I'm already port forwarding port 443 to my VPN appliance. Furthermore, if I'm going to have to reconfigure the network, I would really like to be able to use the SSL VPN to remotely administer all machines.



I mentioned this to a friend of mine, who said that what I was looking for was a firewall, explaining that a firewall would take in multiple static (WAN) IP addresses and still allow all internal devices to be on the same network. So, basically, I could supply my SSL VPN appliance its very own static (WAN) IP address routing, and yet have it on the same internal network (192.168.1.x) as all my other devices.



The first question is: does this sound right? Secondly, would you suggest anything different? And finally, what is the cheapest way to do this? I have started down the road of downloading/installing Untangle and Smoothwall to see if they will do the job, hoping they take multiple static (WAN) IP addresses.



Thank you in advance for your answers.




-Jessy Houle


Answer



If you simplify your configuration to the following: Modem -> DD-WRT -> optional switch (if the DD-WRT doesn't have enough ports) -> servers/clients, you should be able to set up your configuration such that the DD-WRT router is listening on all of the public IPs and forwarding to the correct host using iptables.



Sorry, I can't give you the exact commands as I don't work with iptables all that much, and do everything but basic host firewalling using Cisco routers/ASAs.



Also, you will probably get a better answer on SU; they probably use that type of setup more often, so I'm going to vote to have it moved over.



Ask and ye shall receive (From the DDWRT Website)
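The answer above describes the setup but not the commands. The script below is an added example (it is not from the original question or answer, and not from the DD-WRT project): a DD-WRT-style firewall startup script that gives one router several static WAN addresses and DNATs each public IP:port to a different host on the single 192.168.1.0/24 LAN, so the SSL VPN appliance and the Windows web server can both keep port 443 behind their own public address. The interface names (`vlan2`, `br0`), the public addresses (RFC 5737 documentation ranges) and the host mapping are assumptions for illustration; `gen_rules` prints the commands (dry run) and `apply_rules` executes them.

```shell
#!/bin/sh
# Added example, not from the original post: one router, several static WAN IPs,
# each DNATed to a host on the same LAN. All addresses and interface names are
# assumptions; DD-WRT names the WAN side vlan2 or eth0 depending on the model.

WAN_IF=${WAN_IF:-vlan2}
LAN_IF=${LAN_IF:-br0}
PRIMARY_WAN_IP=${PRIMARY_WAN_IP:-203.0.113.10}   # assumed: already set by DD-WRT's WAN config

# Constructed sample mapping, one "public_ip port lan_host:port" per line.
# The VPN appliance and the web server both keep 443, each on its own public IP.
RULES="
203.0.113.10 443 192.168.1.10:443
203.0.113.11 443 192.168.1.20:443
203.0.113.11 80  192.168.1.20:80
"

# Print the ip/iptables commands for $RULES (dry run); apply_rules feeds them to sh.
gen_rules() {
    seen_ips=" $PRIMARY_WAN_IP "
    seen_hosts=" "
    printf '%s\n' "$RULES" | while read -r pub port dst; do
        [ -n "$pub" ] || continue
        host=${dst%%:*}
        # 1. The router must own each extra public IP so it answers ARP for it.
        case "$seen_ips" in
            *" $pub "*) ;;
            *) echo "ip addr add $pub/32 dev $WAN_IF"; seen_ips="$seen_ips$pub " ;;
        esac
        # 2. DNAT: traffic arriving for this public IP:port goes to the LAN host.
        echo "iptables -t nat -I PREROUTING -i $WAN_IF -d $pub -p tcp --dport $port -j DNAT --to-destination $dst"
        # 3. Allow the translated connection through FORWARD; -I places it ahead
        #    of DD-WRT's default WAN->LAN drop.
        echo "iptables -I FORWARD -i $WAN_IF -o $LAN_IF -d $host -p tcp --dport ${dst##*:} -m state --state NEW -j ACCEPT"
        # 4. Source-NAT that host's own outbound traffic to the same public IP
        #    (once per host), ahead of DD-WRT's generic MASQUERADE rule.
        case "$seen_hosts" in
            *" $host "*) ;;
            *) echo "iptables -t nat -I POSTROUTING -o $WAN_IF -s $host -j SNAT --to-source $pub"
               seen_hosts="$seen_hosts$host " ;;
        esac
    done
}

apply_rules() {
    gen_rules | sh -e
}

# "sh multi-wan-dnat.sh apply" on the router applies the rules; no argument only prints them.
if [ "${1:-}" = "apply" ]; then apply_rules; else gen_rules; fi
```

On DD-WRT this belongs in Administration > Commands, saved with "Save Firewall", so it is re-run whenever the firewall restarts. Two caveats: the rules use `-I` so they precede the rules the GUI port-forwarding page generates, and connections from the LAN to a public address (hairpin) are not covered, which is simplest to handle with split DNS pointing LAN clients straight at 192.168.1.x. Once every host sits on the one 192.168.1.0/24 segment, the VPN appliance can reach all of them, which is the second requirement in the question.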


