I am creating my first homegrown firewall I have 3 questions:
The firewall will be multi-homed. The subnet for this firewall is going to be a /30 network, thereby restricting it to two devices only.
On that /30 subnet: the incoming WAN traffic that will be connected to the WAN side of the LAN; the other side will be the outgoing traffic to the LAN that will be routed to the internal network.
As far as I can tell, I can choose to either use 3 Ethernet cards in this server, each with its own IP address; OR I can use 2 Ethernet cards assigning the WAN IP and one LAN IP to one, and the LAN IP to the other.
Keep in mind that I am not concerned about the costs but I see no point in using the IRQ space unnecessarily, if there is no hit to security by using multiple IPs.
Also, I'd like to use this server for additional services, other than firewall, such as RRAS, Authentication, Certificates (secondary), Services Authorization, IPSEC, Mail, etc.
The following are my 3 questions:
1. Can I assign multiple IP addresses to the incoming NIC, even though they are clearly on different subnets, and expect the NAT software to still route traffic properly?
2. Would doing this compromise the security of the firewall or the network, in any way?
3. Will adding the additional services to this firewall box weaken my security?
Thank you to everyone for your suggestions and recommendations.