Targets of the first steps:
- to configure the hypervisor
- install and update the "basic" machines
- reach the WAN from the LAN
- be able to ping the WAN interface from the internet.
The architecture of the network after 8 weeks:
designing the architectue of the network is not so easy as it seems to be by looking at the numerous "red-orange-green" networks present on the www!!
Remember: it shouldn't "only" work, it should work in a correct and secure way!
Some exemple of question: where to place the server DNS? Into the DMZ? Into the LAN? Why? Is it secure? Wehre to place (in the future!) the server LDAP? etc....
Here is the first draft:
Choice of the machines:
- router/firewall: "pfsense" is a specified distribution for this target, has a very good reputation, is maintained etc...
But the settings seems quite complex (for a not network admin) because hunderds of parameters can be adjust.
The good news is that the default settings allow the machines of the LAN to reach the WAN! - server DNS and Email: I choose the classical distribution "Debian" because of the good documentation and the stability.
- Evenif the router/firewall could have 3 "legs" and manager the DMZ, I choose for the first time to place 2 routers, in order to get the settings more clear and separate between WAN and DMZ and between DMZ and LAN.
- Same thing for the DNS, WEB and Mail server: even if they could be hosted by a unique machine, I decided to split in the first time.
- I put a client fedora into the DMZ in order to make tests from and to a machine placed into the DMZ. No other use at this time.
First problem:
even if the virtual network is offline, I can ping its domain!
Therefore I assume that the SME-Server is answerign the ping.
So, how can I ping the virtual network? Using a port forwarding at the SME? But ping doesn't use ports...if I understand what I have read.....
To be continued.....