General discussion


segregation of multiple public ips

By pleclaire ·
A situation has come up that is forcing me to go to multiple public ips. Currently our outside connection goes straight into our firewall. What is the easiest way to seperate the traffic coming for one IP from the traffic sent to the other IP. Also need to be able to keep outgoing data seperate. Thanks for any help.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by curlergirl In reply to segregation of multiple p ...

The answer to this question depends on what hardware you are using. In a case like this, "easiest" is not the correct adjective you want to apply. You should instead be looking for the "most secure" way to do this.

In general, you need to look at what type of router or firewall you are using between the Internet and your private network, how this hardware is configured and what public and/or private IP addresses it is using, whether you are using NAT through this device, and if so, whether it allows mapping of multiple external IP addresses to multiple internal private addresses. Outgoing data is always separate, so there is no need to worry about that. Ideally, if you are using a router or firewall with NAT, then it will have the ability to map multiple external IP addresses to specific private addresses. Then, you can continue to have your "public" hosts behind the NAT firewall and still be able to route the correct traffic to the correct host. However, if your router/firewall doesn't have this capability, you will need to assign public IP addresses directly to these hosts, thereby exposing them to the Internet. If you have a DMZ already established, then you can simply move these hosts into your DMZ. However, if you don't have a DMZ and you assign public IP addresses to these hosts, they will be basically allowing public access behind your firewall, and you definitely don't want to do this.

Hope this helps!

Related Discussions

Related Forums