I have a project I am currently planning; it is for my business/home network. The project is pretty involved for a SOHO network. I'd like to get some input, advice, recommendations, etc.
Much of the project is in place and functional; but I am completely revising it to add Gigabit LAN and some legacy Cisco gear for L3 routing / L2 switching to the WAN and to isolate my business.
Most importantly of all, I am building my first NAT/Firewall (multi-homed PC), my first DMZ, my first Linux Mail Server, my first RRAS/VPN, my first Authentication Certificate Server, my first Privilege/Authorization server, and my first NSM (all of which will run in the DMZ). I’ll be running DHCP services, so I’ll need relay agents, configured appropriately, etc.; and, at some point, I'd like to begin hosting my own web site (though the trade-offs may not work for me...I am still not sure about this one).
This project will be mostly complete within the next 21 days, though certain components will develop over the next 12 months. Much of it is so I may serve my customers; much of it is for certifications; much of it is for personal home use.
I am doing this while serving my clients, studying, and trying to enjoy life a bit.
• 1 Cisco 1700 Router
• 1 Cisco 2600 Router
• 1 Cisco 2900 XL Catalyst Switch
• 1 Linksys SRW 2008 Gbit 8 port Switch w/ mini-gbic uplink
• 3 Linksys EG005W Gbit 5 port switches
• 1 SMC 2804WBRP-G Barricade F/W
• 11 Servers (each with multi-disk, multi-OS configs: all x86; multiple versions of Svr2K8; Svr2K3; XP; Vista; Debian; Slackware; Fedora; Red Hat; CentOS; SuSE; Solaris; FreeBSD)
• Four clients (home computers)
• Two network printers (one photo; one tri-color laser)
• A photo scanner
• PDAs (wireless and direct)
Three French Hens
Two Turtle Doves and
A Partridge Family Greatest Hits Album
I want to achieve:
• Full Gigabit Backbone for the LANs; 802.11g for the wireless (WPA and MAC filtered: large omni-directional antenna already in place and functioning well)
• Fast Ethernet for Routing beyond the LANs to the WAN interface (/30 subnets for all routers)
• Entertainment: 2x homegrown multi-head DVR servers; Linux with MythTV, will Backup/Retrieve to/from SAN (only one disk inside for the OS)
• SAN: 2x homegrown Linux towers; 11 disks ea., 5.008 TB (10x 500GB; 1, 80GB) RAID 1+0
So, anyone up for helping me mix and match this menagerie of “GRRRR Animals?”
I have some direct questions I will ask right up front. My first one is this:
Question: If I multi-home a PC to make it my firewall, it must be absolutely secure. I know I can assign multiple IP addresses to a NIC; therefore, I would like to assign the WAN address to the WAN NIC, but I’d also like to assign a /30 IP address to that NIC as well, for routing to the LAN NIC, which will also have a /30 IP address and be the only other device on that same subnet.
1. Would doing this allow the box's routing function to operate properly?
2. Would doing this compromise the security of the firewall or the network, in any way?
Thank you in advance for all of your suggestions and recommendations.