Hello!
I have been looking in the wiki and Googled, and I think what I am after is simple, but I would like to verify.
Basically, I've got a piece of equipment which is susceptible to DoS (or rather, repeated failed login attempts to SSH make it hang, and SSH cannot be disabled), out of support, and I really cannot motivate the cost to replace it. It is just my own colocated little VMware box on a very old Supermicro server with a "&%¤"!!! IPMI module.
So, I want to drop a transparent firewall in front of it. The CRS125 is pretty much the cheapest rackmountable piece of kit I have come across, so I figured it would do nicely.
On the upstream side, I have a /27 network, and the provider will not issue a new link net, hence the need for transparent.
I want a CRS to be manageable on one of my available IP addresses, let all traffic through untouched, except for traffic to one IP in my net, to which access would only be allowed from a specific subnet.
Should be easy enough? Right? But I am still missing the eureka moment when I realize just how to set this up.
I guess I should start by defining port 2 as a master, and link 3-5 as slaves to two (for the links to the equipment).
I guess I then need to create a bridge between 1 and 2 and assign the bridge my "Management IP"?
How am I thinking so far?