From owner-freebsd-net Sun Mar 12 23:57:11 2000
Delivered-To: freebsd-net@freebsd.org
Received: from nexus.plymovent.se (nexus.plymovent.se [212.247.77.253])
    by hub.freebsd.org (Postfix) with ESMTP id 0974037B606;
    Sun, 12 Mar 2000 23:57:00 -0800 (PST)
    (envelope-from thomas.uhrfelt@plymovent.se)
Received: from tu ([192.168.1.21])
    by nexus.plymovent.se (8.9.3/8.9.3) with SMTP id JAA33195;
    Mon, 13 Mar 2000 09:36:03 +0100 (CET)
    (envelope-from thomas.uhrfelt@plymovent.se)
Received: by localhost with Microsoft MAPI; Mon, 13 Mar 2000 08:57:53 +0100
Message-ID: <01BF8CCA.37E80C20.thomas.uhrfelt@plymovent.se>
From: Thomas Uhrfelt
Reply-To: "thomas.uhrfelt@plymovent.se"
To: "'freebsd-net@freebsd.org'"
Cc: "'freebsd-questions@freebsd.org'"
Subject: DMZ/Routing setup - really could use your expertize on this one.
Date: Mon, 13 Mar 2000 08:57:53 +0100
Organization: PlymoVent AB
X-Mailer: Microsoft Internet-e-post/MAPI - 8.0.0.4211
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have a little problem with routing it seems, it doesn't matter what I
do - I just don't seem to get it right. That's why I finally decided to
turn to the FreeBSD community for aid, as you have given me accurate
advice and guidance in the past.

In my effort to strengthen the security on our network I have decided to
implement some sort of DMZ approach to our public services - hence
abandoning the old setup with everything on the front computer and the
rest behind NAT.

We have been assigned these IP:s X.Y.X.66 - X.Y.Z.126 and the IP net is
defined as X.Y.Z.64/26.

Now the configuration I want to set up is something along the lines of:

    CISCO ROUTER (X.Y.Z.65)
          !
          !
    (OUTER NIC X.Y.Z.66)
    FREEBSD1
    (INNER NIC X.Y.Z.67)
          !
          !
    (ALL THE PUBLIC IP:s but one)
    (on an aliased machine - but could be more in the future)
          !
          !
    (OUTER NIC X.Y.Z.79)
    FREEBSD2
    (INNER NIC 192.168.1.?/24 via NAT)
          !
          !
    (THE INNER NAT:ED NETWORK)

For now I have only struggled with the first part of the network (CISCO,
FREEBSD1 and PUBLIC IP MACHINE) and have neglected the "back" part of the
network. But I still can't seem to get it to work.

Is there any helpful soul out there that might give me some hands-on
hints, example confs/routing files - or better yet .. tell me how to
accomplish this?

Thomas Uhrfelt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message