From owner-freebsd-questions  Mon Jun  4 19:35:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from itouch.co.nz (itouch.co.nz [203.99.66.188])
	by hub.freebsd.org (Postfix) with ESMTP id 0882037B405
	for <freebsd-questions@FreeBSD.ORG>; Mon,  4 Jun 2001 19:35:08 -0700 (PDT)
	(envelope-from jonc@itouch.co.nz)
Received: (from jonc@localhost)
	by itouch.co.nz (8.11.3/8.11.1) id f552YqO14203;
	Tue, 5 Jun 2001 14:34:52 +1200 (NZST)
	(envelope-from jonc)
Date: Tue, 5 Jun 2001 14:34:52 +1200
From: Jonathan Chen <jonathan.chen@itouch.co.nz>
To: Thierry Black <thierryblack@hotmail.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: how to hook up a firewall?
Message-ID: <20010605143452.A13402@itouchnz.itouch>
References: <F8bLAX3cf3ednHM3SOl000156f0@hotmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <F8bLAX3cf3ednHM3SOl000156f0@hotmail.com>; from thierryblack@hotmail.com on Mon, Jun 04, 2001 at 05:49:33PM -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Mon, Jun 04, 2001 at 05:49:33PM -0600, Thierry Black wrote:
> Thanks to you for answering my other questions before! this group is a great 
> help.
> 
> I have a small subnet of public addresses,
> like 172.168.0.128/28  So, 128 is network,
> 129-142 are usable, and 143 is broadcast.
> 
> I want to put up firewall in between and have it route all traffic to and 
> from this network but I want an other machine (web server) on the same 
> segment as the firewall, but not behind the firewall. all other machines 
> should be behind firewall.
> 
> so something like this:
> 
> gateway 1 (isp manage)
>           |
>   +-------+----------+
>   |                  |
> firewall         web server
>   |
>   +-----+-----+-- - - -
>   |     |     |
> other machines behind firewall

I would put *all* machines behind the f/w, and then use natd
-redirect_address + ip-aliasing on the f/w so that the effective setup
will still look like the above.
-- 
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
                "I don't want to achive immortality through my works..
                 I want to achieve it through not dying" - Woody Allen

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message