My firewall, an iptables Linux box, has only one Ethernet port.
My network topology is very simple and looks like this:
ISP (Port Gi 1/1) -> Switch <- Firewall on Port Gi 1/2
                       ^
                       |
          Other devices Gi 1/3 - Gi 1/48
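On my firewall, the eth0 interface can hold both a DHCP address (from the ISP) and a private 192.168.x.x address (as gateway/DHCP server) on the same interface.
NAT from my private network to my ISP works fine, and all connected devices can reach the Internet. However, I want to separate the two networks, because right now nothing stops my other devices from trying to request an IP from my ISP, which they should not do.
How can I use my Dell 3048-ON switch to separate the two networks and set up NAT on the firewall?
P.S. I know it would probably be simpler to buy an extra network card for my firewall, but I would rather not have to. Thanks in advance for your help.
My switch has a basic configuration, but here it is anyway: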
Current Configuration ...
! Version 9.13(0.0)
! Last configuration change at Tue Jan 16 03:00:13 2018 by default
!
boot system stack-unit 1 default system: A:
!
hostname DellEMC
!
protocol lldp
!
redundancy auto-synchronize full
!
stack-unit 1 provision S3048-ON
!
interface GigabitEthernet 1/1
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/2
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/3
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/4
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/5
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/6
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/7
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/8
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/9
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/10
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/11
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/12
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/13
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/14
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/15
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/16
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/17
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/18
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/19
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/20
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/21
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/22
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/23
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/24
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/25
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/26
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/27
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/28
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/29
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/30
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/31
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/32
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/33
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/34
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/35
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/36
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/37
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/38
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/39
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/40
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/41
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/42
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/43
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/44
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/45
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/46
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/47
no ip address
switchport
no shutdown
!
interface GigabitEthernet 1/48
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet 1/49
no ip address
shutdown
!
interface TenGigabitEthernet 1/50
no ip address
shutdown
!
interface TenGigabitEthernet 1/51
no ip address
shutdown
!
interface TenGigabitEthernet 1/52
no ip address
shutdown
!
interface ManagementEthernet 1/1
no ip address
no shutdown
!
interface ManagementEthernet 2/1
no shutdown
!
interface ManagementEthernet 3/1
no shutdown
!
interface ManagementEthernet 4/1
no shutdown
!
interface ManagementEthernet 5/1
no shutdown
!
interface ManagementEthernet 6/1
no shutdown
!
interface Vlan 1
!untagged GigabitEthernet 1/1-1/48
!
line console 0
line vty 0
line vty 1
line vty 2
line vty 3
line vty 4
line vty 5
line vty 6
line vty 7
line vty 8
line vty 9
!
reload-type
boot-type normal-reload
config-scr-download enable
!
end
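
Added example, not part of the original post: a Python check that reads the VLAN membership lines of a configuration in the format above and lists which ports share a layer-2 domain with the ISP port Gi 1/1, which is the condition that lets other devices reach the ISP's DHCP server. The segmented sample (VLAN ids 10 and 20, Gi 1/2 tagged in both) is constructed, and the `tagged`/`untagged GigabitEthernet <range>` line form for non-default VLANs is an assumption.

```python
import re

# Constructed sample (VLAN ids 10 and 20 are assumptions): ISP and LAN split,
# with the firewall port Gi 1/2 tagged in both VLANs.
SEGMENTED = """\
interface Vlan 10
 untagged GigabitEthernet 1/1
 tagged GigabitEthernet 1/2
!
interface Vlan 20
 tagged GigabitEthernet 1/2
 untagged GigabitEthernet 1/3-1/48
"""
# VLAN stanza as it appears in the posted configuration.
FLAT = "interface Vlan 1\n!untagged GigabitEthernet 1/1-1/48\n!\n"

# Tagged and untagged members are treated alike: both can exchange frames.
MEMBER = re.compile(r"^!?\s*(untagged|tagged)\s+GigabitEthernet\s+(.+)$")

def expand(spec):
    """Expand a port list such as '1/3-1/48,1/50' into a set of 'unit/port'."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        unit, first = lo.split("/")
        last = hi.split("/")[1] if hi else first
        ports.update(f"{unit}/{n}" for n in range(int(first), int(last) + 1))
    return ports

def vlan_members(config):
    """Map each VLAN id to the set of ports that are members of it."""
    vlans, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface Vlan (\d+)", line)
        if head:
            current = vlans.setdefault(int(head.group(1)), set())
        elif line.startswith("interface "):
            current = None
        elif current is not None and (m := MEMBER.match(line)):
            current |= expand(m.group(2))
    return vlans

def shares_l2_with(config, port):
    """Ports that sit in at least one VLAN together with `port`."""
    exposed = set()
    for members in vlan_members(config).values():
        if port in members:
            exposed |= members - {port}
    return exposed

if __name__ == "__main__":
    for name, cfg in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, sorted(shares_l2_with(cfg, "1/1")))
```

With the posted VLAN 1 stanza every other port is reported; with the segmented sample only the firewall port remains in the ISP's VLAN.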