Date:      Mon, 30 Apr 2001 13:10:24 -0700 (PDT)
From:      John Wilson <john_wilson100@excite.com>
To:        Nick Rogness <nick@rogness.net>
Cc:        freebsd-net@FreeBSD.ORG
Subject:   Re: ipfw routing/netmask problem
Message-ID:  <6458253.988661425565.JavaMail.imail@almond.excite.com>


On Mon, 30 Apr 2001 14:03:04 -0500 (CDT), Nick Rogness wrote:

>  On Mon, 30 Apr 2001, John Wilson wrote:

>  > This seems like a good solution.   Please help me figure out the
>  > subnets/routes I need to use.   So far, I have this:
>  > 
>  > /---------------------\
>  > |  router 90.91.92.1  |
>  > \---------------------/
>  >          |
>  >          |
>  > /---------------------\   /---------------------\
>  > | fxp0 90.91.92.2/30  |---|  fxp1 90.91.92.?/?  |
>  > \---------------------/   \---------------------/
>  >                                -|     |    |-----------
>  >                               |       |               |
>  >                           /-------\   /-------\   /-------\
>  >                           | NAT 1 |   | NAT 2 |   |  DMZ  |
>  >                           \-------/   \-------/   \-------/
>  > 
>  > All I gotta do is fill in the missing blanks  :)
>  
>  	
>  	fxp1= 90.91.92.17 netmask 255.255.255.240
>  
>  	All DMZ machines (90.91.92.18 -> 90.91.92.30) are set up with the
>  	same netmask (255.255.255.240) and point to .17 as their gateway.


Sounds good!   Do I need to do anything special on the router?

As a side question, do you think a single 600MHz P3 w/128Mb RAM (and not too
many firewall rules) can handle ~100 NAT clients?

Thanks

John




>  
>  	I would, however, change your physical setup by splitting off your
>  	DMZ onto its own ethernet card and switch like so:
>  
>  		Public (Router)
>  		|
>  		fxp0
>  		|
>  		BSD --fxp2---DMZ
>  		|
>  		fxp1
>  		|
>  		Private Net
>  		 /    	 \
>  		nat1	nat2
>  
>  	It just makes more sense security wise and makes administration a
>  	little less difficult.  It also gives you more options with
>  	firewalling and such.
>  
>  
>  Nick Rogness <nick@rogness.net>
>   - Keep on Routing in a Free World...
>    "FreeBSD: The Power to Serve!"
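
Added example (not part of the original message or of any poster's configuration): a Python check of the addressing plan quoted in this thread, confirming that the fxp0 /30 and the fxp1 /28 do not overlap and that a DMZ host's address, netmask and gateway agree with fxp1. The function names and the sample hosts in the demo loop are constructed for illustration.

```python
import ipaddress

# Addressing plan quoted in the thread: /30 uplink on fxp0, /28 DMZ on fxp1.
INTERFACES = {
    "fxp0": ipaddress.ip_interface("90.91.92.2/30"),
    "fxp1": ipaddress.ip_interface("90.91.92.17/255.255.255.240"),
}


def overlapping_subnets(interfaces):
    """Return pairs of interface names whose subnets overlap."""
    names = sorted(interfaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if interfaces[a].network.overlaps(interfaces[b].network)]


def host_range(iface):
    """First and last address left for hosts once the gateway is excluded."""
    hosts = [h for h in iface.network.hosts() if h != iface.ip]
    return str(hosts[0]), str(hosts[-1])


def check_host(host, netmask, gateway, interfaces):
    """Return a list of problems with one host's settings (empty means OK)."""
    iface = ipaddress.ip_interface(f"{host}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    net = iface.network
    problems = []
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("host uses the network or broadcast address")
    if iface.ip == gw:
        problems.append("host address collides with the gateway")
    if gw not in net:
        problems.append("gateway is outside the host's subnet")
    if not any(i.ip == gw and i.network == net for i in interfaces.values()):
        problems.append("no firewall interface owns the gateway on this subnet")
    return problems


if __name__ == "__main__":
    print("overlaps:", overlapping_subnets(INTERFACES))
    print("DMZ hosts:", host_range(INTERFACES["fxp1"]))
    # Constructed sample hosts: two valid, one on the broadcast address,
    # one with a /24 mask that no longer matches fxp1.
    for h, m in [("90.91.92.18", "255.255.255.240"), ("90.91.92.30", "255.255.255.240"),
                 ("90.91.92.31", "255.255.255.240"), ("90.91.92.20", "255.255.255.0")]:
        print(h, m, check_host(h, m, "90.91.92.17", INTERFACES))
```

A host configured with a wider mask than fxp1's would treat the uplink addresses as on-link, which is the kind of mismatch the last check reports.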











