Date: Fri, 27 Aug 1999 14:20:32 -0700
From: Nathan Hackett <zhackett@tus.ssi1.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Firewall protected name server?
Message-ID: <37C7011F.CE378E71@tus.ssi1.com>
I am trying to achieve the following network topology. The man
page for route leads me to believe that this is possible using the -interface
option, but all attempts to make this work have failed. X.Y.Z represents
the public network subnet. The only addresses on this subnet that
are available here are X.Y.Z.50, X.Y.Z.51, and X.Y.Z.52 (.52 not used in this
example).
                        (The Internet)
                              |
                         World Router
                           X.Y.Z.1
                           (Cisco)
                              |
          |          |        |           |
    +----------+----------+------------+----------+   Public
                              |                       network
                             ed1
                           X.Y.Z.50
                           FreeBSD
                           Firewall
                           10.0.0.1
                             vr0
                              |
    +-----------+-----+-----+-----+-----+-----+-----+
    |           |     |     |     |     |     |     |  Unregistered Private
                                                    |  network
                                                   ed1
                                                 X.Y.Z.51
                                                   NS1
                                                 FreeBSD
                                               Name server
The trick is that the name server needs to be addressable from the
world, but protected behind the firewall also. All other clients on the
Unregistered network are 10.0.0.x. How do I set up the routing in the
firewall so that packets for X.Y.Z.51 go through vr0 and not ed1, like
the netmask for ed1 would imply? What should the ifconfig and route
entries in the rc.conf files look like for both the firewall and the
name server?
Also, some more information about what the -interface option to the
route command really does would be nice. It does not seem to work as
advertised in the man page, and in all the research I have done through
the mailing list archives the answer is always "fix the netmask", but
this does not help my understanding of the -interface option.
Thanks,
/Nathan
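One way to express the topology above in rc.conf terms, as an added example that is not part of the original post: the firewall keeps its /24 on ed1 but installs a more specific -host route for X.Y.Z.51 over vr0 (longest prefix wins), and NS1 carries X.Y.Z.51 as a /32 so it does not believe the public /24 is on its own wire. Assumptions: X.Y.Z stands for the public /24 as in the post, ed1/vr0 are the interface names from the diagram, and the Cisco at X.Y.Z.1 is given a static route for X.Y.Z.51/32 via X.Y.Z.50 (or the firewall publishes a proxy-ARP entry for .51 on ed1), which the thread does not cover.

```shell
#!/bin/sh
# Added example, not from the original thread. X.Y.Z is the public /24
# placeholder used in the post; the two functions print the rc.conf
# fragments for each host so they can be reviewed before installing.
PUB=X.Y.Z

# /etc/rc.conf entries for the FreeBSD firewall (ed1 public, vr0 private)
firewall_rcconf() {
cat <<EOF
gateway_enable="YES"                       # forward between ed1 and vr0
ifconfig_ed1="inet $PUB.50 netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
defaultrouter="$PUB.1"
# A host (/32) route is more specific than the /24 attached to ed1, so
# the kernel picks it for $PUB.51. -interface means "no gateway": the
# packet is put straight onto vr0 and the kernel ARPs for .51 there,
# which NS1 answers because its ed1 carries that address.
static_routes="ns1"
route_ns1="-host $PUB.51 -interface vr0"
EOF
}

# /etc/rc.conf entries for NS1 (single interface ed1 on the private wire)
ns1_rcconf() {
cat <<EOF
# /32 netmask: NS1 must not think the whole public /24 sits on its ed1,
# otherwise it would ARP for X.Y.Z.1 locally instead of using the firewall.
ifconfig_ed1="inet $PUB.51 netmask 255.255.255.255"
# 10.0.0.1 is not on NS1's subnet, so reach it with an interface route
# first; the default route can only be added once 10.0.0.1 is reachable.
# Listing both in static_routes fixes that order regardless of how
# rc.network handles defaultrouter, which is deliberately left unset.
static_routes="fw gw"
route_fw="-host 10.0.0.1 -interface ed1"
route_gw="default 10.0.0.1"
EOF
}

# print both fragments for review
firewall_rcconf
echo
ns1_rcconf
```

Packets from NS1 to the world then leave on ed1 with source X.Y.Z.51, reach 10.0.0.1 by link-layer address, and are forwarded out the firewall's ed1; replies arrive at X.Y.Z.50's wire and follow the host route back over vr0.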
