Date: Sat, 17 Jun 2006 18:47:48 +0100 (BST)
From: bsd@bathnetworks.com
To: richard@firebadger.net
Cc: freebsd-questions@freebsd.org
Subject: Re: Moving From NAT to Multiple IPs - Server Considerations

> Hello,
>
> I've recently started to work from home so the limitations of one IP
> address are really starting to gripe me.
>
> I've asked my ISP to order me a block of 8 IPs. What considerations should I
> be looking at when managing the IP server address change.
>
> I'm not too concerned about the services going offline as they are not
> used for anything critical and in any case services such as SMTP and
> incoming e-mail have fail safes provided by my DNS provider.
>
> Do I need to install IPFirewall or will the server just close all the
> ports that it is not using and be fine and dandy that way. Any
> recommendations on good articles for installing IPFW. I've googled but I
> am looking for something which allows me to do the basics but also talks
> about the more advanced stuff such as blocking logins on SSH after x
> attempts.
>
> How do I manage the change from NAT to multi IPs. Does the server still
> get given an internal IP address on the LAN and then the router redirects
> the external IP to that machine or does the machine have to be told that
> it is now listening on IPs x, y and z.
>
> Any help appreciated.
>
> Cheers
> Richard
>
>
> --
> Richard Collyer
> richard@firebadger.net

Hi Richard,

You have asked a number of questions in one here. There are a number of ways to do what I think you are trying to do. The way I have my systems set up is probably the simplest, but it depends on what you want.

My setup is the modem (no NAT or firewall) on the 1st IP of the block (my ISP calls this the gateway address); this connects to a switch. I have a firewall/NAT/router (smoothwall) connected to the switch which does the NATing etc. to my internal network.

The servers (Web, mail etc.) have 2 Ethernet connections. The 1st is on the external switch with an external IP and all the ports closed except those necessary for the function. The 2nd (if you like, the control connection) is on the internal network with things like the ssh port open.

There are plenty of Howtos on IPF etc. - just use Google. Also have a look at the smoothwall site; IPcop is also good.

Hope this has given you some ideas. However, please remember anything connected to an external IP does need a firewall.

Rob
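
The two-interface layout described in the reply, written as an ipfw ruleset generator with a small audit helper. This is an added example, not part of the original message or anyone's actual configuration. The interface names (em0, em1), the LAN range 192.168.0.0/24, the public port list and the rules file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw rules for a server with two NICs.
# Assumed values: em0 = external NIC, em1 = internal NIC,
# 192.168.0.0/24 = internal LAN, public services = SMTP, HTTP, HTTPS.
EXT_IF="${EXT_IF:-em0}"
INT_IF="${INT_IF:-em1}"
INT_NET="${INT_NET:-192.168.0.0/24}"
PUBLIC_TCP="${PUBLIC_TCP:-25,80,443}"

# Print the ruleset in the form ipfw reads from a file (no "ipfw" prefix).
#   200   drop packets claiming a LAN source that arrive on the external NIC
#   500   external NIC: only the public service ports are reachable
#   600   internal NIC: ssh is reachable, and only from the LAN
#   65000 everything else is dropped and logged
build_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
add 200 deny ip from ${INT_NET} to any in recv ${EXT_IF}
add 300 check-state
add 400 allow tcp from me to any setup keep-state
add 410 allow udp from me to any keep-state
add 420 allow icmp from any to me icmptypes 3,11
add 500 allow tcp from any to me ${PUBLIC_TCP} in recv ${EXT_IF} setup keep-state
add 600 allow tcp from ${INT_NET} to me 22 in recv ${INT_IF} setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Audit helper: list the TCP ports a ruleset on stdin accepts inbound on $1.
ports_open_on() {
    awk -v ifc="$1" '
        $3 == "allow" && $4 == "tcp" {
            for (i = 5; i < NF; i++)
                if ($i == "recv" && $(i + 1) == ifc)
                    for (j = 5; j < i; j++)
                        if ($j == "to") print $(j + 2)
        }'
}

# "emit" writes the rules to stdout, e.g. into /etc/ipfw.rules (assumed path);
# "ipfw -n /etc/ipfw.rules" then checks syntax without loading anything.
if [ "${1:-}" = "emit" ]; then
    build_rules
fi
```

Running `build_rules | ports_open_on em0` before loading the rules confirms that ssh is not exposed on the external interface.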