We have been trying to move away from a SonicWall firewall for quite some time now.
Through much Googling and many hours of trial and error, we have met varying degrees of success through different firewall distros such as m0n0wall, Smoothwall, pfSense, Vyatta, etc.
Our current setup is an Ubuntu Server 11.04 distro running Shorewall. This has been our most successful setup thus far, but we are still having several routing issues. We have noticed several references to strange or erroneous behavior when running Shorewall on Debian-based distros, and we're wondering if this has something to do with our current problems.
Because we have had so many setups fail, we have concluded that we are doing something fundamentally wrong. So what would be a simple setup that would handle what we've outlined below?
We have three interfaces on our firewall machine:
- eth0 (LAN): 10.10.0.0/16
- eth1 (XO): x.x.x.178/30, gateway: x.x.x.177 (routes traffic for a separate public subnet z.z.z.z/24)
- eth2 (Qwest): y.y.y.225/29, gateway: y.y.y.230
We need to NAT traffic from z.z.z.z and y.y.y.y addresses to internal servers. But all outbound traffic needs to default to XO unless explicitly directed through the Qwest connection.
Thank you very much for your input!