Part two
-
Has anyone done this before, and how well does it work?
- Two-tier firewall
- First tier has Internet-facing VIP addresses with 1:1 NAT relationships to VIPs that reside on the external interfaces of the second tier firewalls.
- That internal tier's VIP addresses all perform some kind of port forwarding for FTP, HTTP, or other protocols, and also some proxying.

It looks like this:
Internet
|
VIP1
-PFSense-
InternalIP
|
VIP2
-Second tier FW-
Internal IP
|
router
|
Web Server

1:1 NAT from VIP1 to VIP2
VIP2 does port redirection for HTTP

How well does that work? I'm concerned with the double-NAT part in particular. Can any of y'all see any problems there?
Thanks,
Schnibitz
-
I run a similar setup at home, but don't NAT on the internal (second) firewall. You can route on that one and avoid all the issues of double NAT.
-
Can you give me an example of issues I might run into with the double-NAT stuff?