I need a suggestion.
Network IP setup is:
Users LAN = 10.10.0.0/8
SQUID PROXY+GW = 192.168.1.1
MT WAN IP = 192.168.1.2, GW = 192.168.1.1 [Squid]
MT LAN IP = 10.10.0.1
DMASoftlab RADIUS = 10.10.0.2
(When a user connects via the VPN dialer in order to use the internet service, he gets an IP from the 172.16.0.0/16 series, and then all user/MT data is NAT/forwarded to Squid.)
FTP Server IP = 10.10.0.5 (WIN2003, main HTTP web site for sharing media)
FTP Server IP = 10.10.0.6 (WIN2003, FTP1 for videos, MP3, etc.)
FTP Server IP = 10.10.0.7 (WIN2003, FTP2 for videos, MP3, etc.)
The setup shown in the attached picture also has 3 FTP servers to serve around 1000-1500 users (5 TB of shared media).
What is the best way to secure the FTP server? That is, only authenticated users should be able to access the FTP server.
What can be done so that only VPN-connected users are able to connect to the FTP server?
One idea was to add another LAN card in the MT with the 172.16.0.0 series or 10.10.0.x and put all FTP servers behind the Mikrotik (in a DMZ environment), but this would create a lot of load on the Mikrotik (5 TB sharing access). Any better solution?
Regards,
ZAIB
