Date:      Mon, 4 Jun 2001 22:23:13 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        Thierry Black <thierryblack@hotmail.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: how to hook up a firewall?
Message-ID:  <Pine.BSF.4.21.0106042215420.90874-100000@cody.jharris.com>
In-Reply-To: <F8bLAX3cf3ednHM3SOl000156f0@hotmail.com>

On Mon, 4 Jun 2001, Thierry Black wrote:

> Thanks to you for answering my other questions before! This group is a
> great help.
> 
> I have a small subnet of public addresses,
> like 172.168.0.128/28  So, 128 is network,
> 129-142 are usable, and 143 is broadcast.
> 
> I want to put up a firewall in between and have it route all traffic to
> and from this network, but I want another machine (web server) on the
> same segment as the firewall, but not behind the firewall. All other
> machines should be behind the firewall.
> 
> So something like this:
> 
> gateway 1 (isp manage)
>           |
>   +-------+----------+
>   |                  |
> firewall         web server
>   |
>   +-----+-----+-- - - -
>   |     |     |
> other machines behind firewall
> 
> All machines in the diagram must use an IP address from our subnet, but I can
> change all addresses (including the ISP-managed gateway) if subnet works
> better.  There are a few free IP addresses.
> 
> How would you guys set this up?

	Well, you have some options:

	1) Segment your /28 subnet into 2 /29's, or 1 /29 and 2 /30's, or
	4 /30's or whatever.

	2) Assign your whole /28 to your outside firewall interface (the
	net that your web server sits on).  Then run nat on the firewall
	for all "other machines behind the firewall".

	3) Run the firewall in bridging mode.

	I would personally run with option 1 or 2...probably option 2.  I
	guess it all depends on what "the other machines behind the firewall"
	are doing and if they need to be accessible from the outside
	world (aka the Internet).

Nick Rogness <nick@rogness.net>
 - Keep on Routing in a Free World...
  "FreeBSD: The Power to Serve!"

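An added example, not part of the original message: the splits named in option 1, carved out of the 172.168.0.128/28 block from the question, with the usable host range of each segment. The function names `carve`, `usable` and `plan` are made up for this illustration. Each routed segment also spends one of its usable addresses on the firewall or gateway interface.

```python
import ipaddress

# The poster's block, as given in the message.
BLOCK = ipaddress.ip_network("172.168.0.128/28")

def carve(block, prefixes):
    """Split `block` into consecutive subnets with the given prefix lengths.

    List the largest subnet first so every subnet lands on its natural
    boundary. Raises ValueError if a subnet is misaligned or does not fit.
    """
    subnets, cursor = [], int(block.network_address)
    end = int(block.broadcast_address) + 1
    for plen in prefixes:
        size = 1 << (32 - plen)
        if cursor % size or cursor + size > end:
            raise ValueError(f"/{plen} does not fit at {ipaddress.ip_address(cursor)}")
        subnets.append(ipaddress.ip_network((cursor, plen)))
        cursor += size
    return subnets

def usable(net):
    """Host addresses left after removing the network and broadcast address."""
    return net.num_addresses - 2

def plan(block, prefixes):
    """Return (subnet, first_host, last_host, usable_count) per segment."""
    rows = []
    for net in carve(block, prefixes):
        hosts = list(net.hosts())
        rows.append((str(net), str(hosts[0]), str(hosts[-1]), usable(net)))
    return rows

if __name__ == "__main__":
    layouts = {"unsplit /28": [28], "2 x /29": [29, 29],
               "1 x /29 + 2 x /30": [29, 30, 30], "4 x /30": [30, 30, 30, 30]}
    for name, prefixes in layouts.items():
        rows = plan(BLOCK, prefixes)
        print(f"{name}: {sum(r[3] for r in rows)} usable hosts")
        for net, first, last, count in rows:
            print(f"  {net:<20} {first} - {last} ({count})")
```

Every split costs two more addresses for the new network and broadcast entries, which is the address budget to weigh against option 2, where the /28 stays whole on the outside segment.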
