Date: Tue, 5 Jun 2001 14:34:52 +1200 From: Jonathan Chen <jonathan.chen@itouch.co.nz> To: Thierry Black <thierryblack@hotmail.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: how to hook up a firewall? Message-ID: <20010605143452.A13402@itouchnz.itouch> In-Reply-To: <F8bLAX3cf3ednHM3SOl000156f0@hotmail.com>; from thierryblack@hotmail.com on Mon, Jun 04, 2001 at 05:49:33PM -0600 References: <F8bLAX3cf3ednHM3SOl000156f0@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jun 04, 2001 at 05:49:33PM -0600, Thierry Black wrote:
> Thanks to you for answering my other questions before! this group is a great
> help.
>
> I have a small subnet of public addresses,
> like 172.168.0.128/28 So, 128 is network,
> 129-142 are usable, and 143 is broadcast.
>
> I want to put up firewall in between and have it route all traffic to and
> from this network but I want an other machine (web server) on the same
> segment as the firewall, but not behind the firewall. all other machines
> should be behind firewall.
>
> so something like this:
>
> gateway 1 (isp manage)
> |
> +-------+----------+
> | |
> firewall web server
> |
> +-----+-----+-- - - -
> | | |
> other machines behind firewall
I would put *all* machines behind the f/w, and then use natd
-redirect_address + ip-aliasing on the f/w so that the effective setup
will still look like the above.
--
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
"I don't want to achive immortality through my works..
I want to achieve it through not dying" - Woody Allen
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010605143452.A13402>