
Firewall distro question (two "red" interfaces?)

  • 03-07-2003 1:44pm
    #1
    Registered Users, Registered Users 2 Posts: 1,393 ✭✭✭


    Hi folks:

    I'd posted this question in Nets/Comms, and Capt. Midnight suggested I post it here.

    My current situation is this: I've got a basic network running in a small office, which has an Eircom DSL line for internet connectivity. An old P200 running Smoothwall (2.0b4) is acting as a very serviceable firewall, and all is well.

    As it happens, the office is on the edge of a larger network, and by week's end I'll have access to their luvvly fat pipe.

    Here's where the problem begins. I want to keep both the DSL and the big pipe for redundancy and "other" (:D) reasons. I also can't buy any extra equipment, so that makes things a bit more difficult.

    I suspect that there's a three-box solution: two firewalls, one for each internet link, and one box acting as a router (perhaps something like freesco?) to handle the decisions as to which link is used for what data. While this might be achievable, it's far from ideal considering how little space and money I have for this.

    But it would be brilliant if there was something that could just do everything, preferably something that's reasonably straightforward to set up and manage.

    So, my questions are as follows:
    1. Is there a free "one box" solution to this problem?
    2. If so, what is it?
    3. If not, what's the alternative (if any)?

    Cheers,
    Gadget


Comments

  • Closed Accounts Posts: 484 ✭✭ssh


    It sounds like a simple enough routing problem, though you'll have to get your hands dirty to get it working properly.

    If I understand it, you have a network and a router, and all the hosts on the network have the router as their default route?

    So how is this new network connected to your existing one? The answer to that will specify how easy it is to achieve.


  • Registered Users, Registered Users 2 Posts: 1,393 ✭✭✭Inspector Gadget


    Thanks for the reply.

    Erm, let's see if I can answer your questions in a manner that makes me sound something less than brain-dead.

    I don't have a hardware router; I took the easy option and set up Smoothwall, which is doing any routing currently being performed (I'd assume). The network itself consists of about 10 PCs attached to a 100Mbit dumb hub (repeater). The amount of traffic generated on the network isn't enormous, so even this works fine.

    Now, there's another network being installed (in parallel to the existing one - don't ask :rolleyes: ) that's linked to a much larger network.

    Our existing network is using the 192.168 class "B" address space reserved for home networks, whereas the bigger network is not, and has static (technically, ours will be DHCP on an infinite lease, I understand, but it's close enough) "real" (as in not specified in RFC1918 as being for private use) IP addresses, of which we're being allocated 16, so it'll be necessary to set up NAT if we plug our network into theirs; a firewall would be no harm while I'm at it.

    So, I could build another old POS box and throw Smoothwall or something on it to connect our existing LAN to their larger one, but that still leaves me with the problem of routing data correctly.

    I want to be able to use both pipes; the fat one attached to the larger LAN, and our own little DSL thingy, primarily for reasons of redundancy. I assume I'll have to specify routes (based on IPs and/or TCP ports and/or UDP ports) to decide which route packets take to the internet at large, and likewise for what comes in.

    Smoothwall is a handy "for dummies" tool, but I haven't found any evidence yet to suggest that I can connect two external networks to it in the way that I'd like. Also, I'd like (if possible) to stick with a software-based solution, pref. free, as I'm not exactly floating with cash, and (again) if possible, put everything in a single box, in the name of reduced power consumption and size.

    I wonder is it too much to ask?
    TIA,
    Gadget

