From owner-freebsd-isp Thu Nov 12 14:33:43 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id OAA02191
    for freebsd-isp-outgoing; Thu, 12 Nov 1998 14:33:43 -0800 (PST)
    (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from carp.gbr.epa.gov (carp.gbr.epa.gov [204.46.159.110])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA02037
    for ; Thu, 12 Nov 1998 14:32:06 -0800 (PST)
    (envelope-from mjenkins@carp.gbr.epa.gov)
Received: (from mjenkins@localhost)
    by carp.gbr.epa.gov (8.8.8/8.8.8) id QAA08023;
    Thu, 12 Nov 1998 16:31:33 -0600 (CST)
    (envelope-from mjenkins)
Date: Thu, 12 Nov 1998 16:31:33 -0600 (CST)
From: Mike Jenkins
Message-Id: <199811122231.QAA08023@carp.gbr.epa.gov>
To: billf@chc-chimes.com, terry@dcomm.net
Subject: Re: IP masqurading
Cc: freebsd-isp@FreeBSD.ORG
In-Reply-To:
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 12 Nov 1998 Bill Fumerola wrote:
>
> On Thu, 12 Nov 1998, Terry Ewing wrote:
>
> > People here are thinking of putting our co-located computers behind a
> > FreeBSD IPFW firewall. At the same time they were thinking of giving the
> > co-located servers 192.168.x.x IP's so they can be removed if we go through
> > renumbering. We'd just masquerade the real IP to the 192.168 IP in the
> > firewall.
> >
> > Can anyone arm me with a good reason why we shouldn't do this?
>
> Because giving (paying) colocated server internal IPs is degrading the
> QoS. Some UDP and other programs don't work with it.

If he used static NAT (many-to-many) (as he suggested in the last
sentence of paragraph 1) instead of IP Masquerade (many-to-one) (as
his subject line suggested) he should be ok. Of course, he will have
to use a split-DNS to keep the inside servers happy. If the external
addresses change (new provider?), he can change the NAT table and the
external DNS, but won't have to reconfigure the internal hosts.

Mike
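
Added example, not part of the original message: a sketch of the static NAT plus split-DNS arrangement described above, showing that renumbering changes only the NAT table and the external DNS view. It assumes natd is the NAT daemon behind IPFW (the thread does not say) and uses its `redirect_address localIP publicIP` option; the host names, the 192.168.1.x inside addresses and the documentation-range outside networks are constructed.

```python
import ipaddress

# Constructed sample data: host names, RFC 1918 inside addresses and
# RFC 5737 documentation networks as outside ranges. None come from the thread.
HOSTS = {"www": "192.168.1.10", "mail": "192.168.1.11", "ftp": "192.168.1.12"}
OLD_PUBLIC = "192.0.2.0/24"
NEW_PUBLIC = "198.51.100.0/24"


def static_nat_map(hosts, public_net):
    """Build a one-to-one map: inside address -> outside address (same host part)."""
    pub = ipaddress.ip_network(public_net)
    table = {}
    for name, inside in hosts.items():
        addr = ipaddress.ip_address(inside)
        if not addr.is_private:
            raise ValueError(f"{name}: {inside} is not a private address")
        outside = pub.network_address + (int(addr) & int(pub.hostmask))
        if outside in (pub.network_address, pub.broadcast_address):
            raise ValueError(f"{name}: maps to an unusable outside address")
        table[inside] = str(outside)
    # Static NAT must stay one-to-one; two inside hosts sharing a host part collide.
    if len(set(table.values())) != len(table):
        raise ValueError("two inside hosts map to the same outside address")
    return table


def natd_conf(table):
    """natd.conf lines, one static mapping per inside host."""
    return [f"redirect_address {i} {o}" for i, o in sorted(table.items())]


def zone_views(hosts, table):
    """Split DNS: inside clients see private A records, outside clients public ones."""
    internal = [f"{n} IN A {ip}" for n, ip in sorted(hosts.items())]
    external = [f"{n} IN A {table[ip]}" for n, ip in sorted(hosts.items())]
    return internal, external


def renumber_diff(hosts, old_net, new_net):
    """Report which artifacts change when the outside network is renumbered."""
    old, new = static_nat_map(hosts, old_net), static_nat_map(hosts, new_net)
    (old_in, old_ex), (new_in, new_ex) = zone_views(hosts, old), zone_views(hosts, new)
    return {"natd": natd_conf(old) != natd_conf(new),
            "external_dns": old_ex != new_ex,
            "internal_dns": old_in != new_in}


if __name__ == "__main__":
    print("\n".join(natd_conf(static_nat_map(HOSTS, NEW_PUBLIC))))
    print(renumber_diff(HOSTS, OLD_PUBLIC, NEW_PUBLIC))
```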