I have a simular configuration issue to the original poster and I think that this might be the solution for my problem as well.
On my untrusted interface I have 2 ip addresses from subnet "A" and 2 ip addresses from subnet "B". Each ip address needs to map to a different web server, as well as other services.
subnetA.ip1 port 80 --> trusted_webserver_1
subnetA.ip1 port 21 --> trusted_ftp_server_1
subnetA.ip2 port 80 --> trusted_webserver_2
subnetA.ip2 port 25 --> trusted_mailserver_1
subnetB.ip1 port 80 --> trusted_webserver_3
subnetB.ip1 port 25 --> trusted_mailserver_2
subnetB.ip2 port 80 --> trusted_webserver_4
Based on the previous post this is how I understand I would configure the firewall from scratch:
On the command line:
Using the web-gui:
- Set up subnetA.ip1 on the chosen interface.
- Create and setup subnetB.ip1 as a sub-if on the chosen interface.
- Setup routing for subnetA and subnetB.
- Configure all the policies to map from the external ip/ports to the proper internal ip/ports.
- Let stand 15 minutes and serve with a nice merlot.
It seems to me that I would also need to configure subnetA.ip2 and subnetB.ip2, but I'm not sure how I'm supposed to do that. The system won't let you have sub-ifs with overlapping subnets. Obviously VIPs wont work. How is it done?
Is this the best way to solve my problem?