Please help correctly segment the network

November 25, 2010 3:08:26 PM

I wish to separate sections in the LAN
LAN traffic only, Internet traffic only
Server/Workstations have eth0 and eth1 available.

Please see the below diagrams for advice;
1. Current:
2. Proposed:

I'm not sure which is the best approach...
1. Use the layer 3 managed switch (port based) for each server/workstation,
eth0 for LAN only, eth1 for Internet only ?
2. Use a dedicated Firewall 'before' the router and assign the
wireless a network to keep them off the LAN
3. Use another router

The issue I'm concerned with most is using one of the servers for a Samba file share
(LAN access only), but the server needs updating from the Internet as well. My understanding
is that it's best to separate the LAN/Internet traffic with an entirely different subnet.

I wish to prevent a setup where a server/workstation could be accidentally misconfigured
to use Internet traffic on the wrong eth0/eth1 interface.

All server/workstations are Debian amd64 Testing.

Can someone please recommend an approach to properly isolate LAN/Internet traffic for
the proposed network layouts at the above links?

Thank you much.
November 26, 2010 11:22:30 AM

Thank you dadiggle.

Sorry, I'm not 100 percent clear. Do you mean use all eth1 NICs (Internet access) and
connect directly to the Firewall or a separate proxy server on ?

>"...Option 2 just have the firewall added. Routing is the key here."
? Do you mean 'static routing' ? If so which source/destinations?

>"...Set your ADSL gateway as the default gateway on clients or proxy server and then only set default gateway of the wan link for other clients that you want to go over the wan"
? In the diagrams above, where are you assigning the gateways ?

Thank you for your help.
November 27, 2010 6:39:44 AM

dadiggle, thanks for your patience.

Noted on the explanation of how a firewall functions. I am familiar with the process.

Would it be possible for you to address my specific 2 questions in my previous post
regarding recommended eth1 NICs, gateway addresses, static routing, and proxy server ?

Best regards,
November 27, 2010 2:22:35 PM


You are avoiding my questions, never mind thank you.

Can anyone else please help me?

Thank you.
November 28, 2010 5:01:16 PM


Would you mind stepping aside and letting someone else answer me please ?
I will seek a 2nd opinion.

Thank you.

Anyone else?