Date: Mon, 12 Jun 2000 01:36:57 -0400
From: Ben Williams <williamsl@home.com>
To: cjclark@alum.mit.edu
Cc: freebsd-questions@freebsd.org
Subject: Re[2]: UPGRADE 2.2.8 to 4.0R
Message-ID: <567.000612@home.com>
In-Reply-To: <20000610141556.I1197@dialin-client.earthlink.net>
References: <20000610141556.I1197@dialin-client.earthlink.net>

Quoting Crist J. Clark Monday, June 12, 2000

> On Sat, Jun 10, 2000 at 01:55:23PM -0700, Everett F Batey wrote:
>> /snip/
>> Ideas about running IPFW and NATD on web/mail server ?  Still a
>> recompile ?

> Ideas about running ipfw(8) and NAT on a web/mail server:

>   - If there is no firewall somewhere else between this machine and
>     the Internet, then ipfw is a very good idea.

>   - Unless the machine is also a gateway, it should not need NAT.

>   - If the machine is to be a gateway-NAT box for a protected network
>     of any size, it should probably be held to a higher security standard
>     (i.e. cut bare-bones and running as few potentially exploitable
>     daemons as possible). Put mail and web on a different machine than
>     that doing the NAT and firewalling.

Along these lines I'd like to ask if a "triple-homed routing bridge"
(i.e. 3 NICs, 2 of which are connected to ISPs and one to the
"internal" LAN) is conceivable or even feasible. If I have my
terminology right, a "bridge" connects multiple networks with optionally
(preferably for me) a firewall in place that does not decrement the TTL
of a packet since none of the NICs on the bridge have IPs.

Would a FreeBSD 3.4R box be capable of this kind of setup? This is
-almost- the networking question I asked several days ago but I didn't
get much input then .. hope to hear from you soon!

--Ben Williams mailto:received@email dot com