Building a custom Router

I need to create the network below: Diagram

Facts:

  • The router is a Linux box (don't care about the flavor), it has 2 NIC's.
  • The switch is unable to support VLAN's.
  • The servers need a WAN-IP. NAT is not an option.
  • This is all I get to work with (yeey budget-cuts).

How do I go about building this router (that isn't always a router)? Some of the servers need an IP that is assigned by the ISP based upon the MAC-address but the DNS-discovery doesn't travel over the router. Is there any way I can tell dhcpd to pass these requests to the ISP? Will I have a problem with routing?

I've looked into virtual nics but couldn't find a solution for my problem. I'm open to all suggestions at this point.


Solution 1:

NAT Forwarding - Put all the external IPs on the router, then forward the appropraite IP:Port combinations to the correct internal server. All internal computer use a 10.x.x.x IP. Almost any router platform can do this except the cheapest SOHO routers. pfSense, M0n0wall, or a generic Linux or BSD distro would work fine (Even Windows can do this with the right software).

The wrong way to this this - Setup the router with a very small external address range. If you got a /27 from the ISP, use a /30 for the external and the upper /28 for the servers. This wastes a lot of IPs, and you'll have Internet traffic commingling with your internal traffic. Give the clients 10.x.x.x IPs, the router should have some really good firewalling going on to make sure the right ports are exposed on the Extern IPs, while the Internal network can still access appropriate services on the server too. vLanning would be a good idea; using two switches to create a DMZ/Perimeter network would be a better idea; The NAT Forwarding above would be the best idea given your requirements.