Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 16 Jun 2004 13:58:36 -0600
From:      Jose Hidalgo Herrera <>
To:        Fangorn <>
Subject:   Re: Multiple_External_IPs+IPFW+arp_proxy+Dummynet+natd_etc
Message-ID:  <>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 2004-06-16 at 06:42, Fangorn wrote:

> Hello!
> FreeBSD 5.2.1, IPFW(2 of course), 1 ext_if, 2 int_ifs, P200MMX, 96MB,
> I have recently set up a router serving and shaping a small network
> +/-20 clients (mostly wireless, but that's not important, as the AP does
> the job).
> I do a static ARP, I have quite a simple firewall, of course natd is up
> and running fine. Some pipes and queues pretend to share the traffic
> fairly :). Now my concern is:
> 1. What is the best way to assign an external IP (I have 4 available) to
> a LAN client machine?
> 2. How (if at all) it affects traffic shaping?

you can:=20
    1) use the other interface for the DMZ ( but you lose 1 ip for the
router's interface)
    2) forward traffic sent to the public ips to private ips
            ipfw add fwd privateip,80 tcp from any to publicip 80 setup

You have the same bandwidth, unless you buy more!

> I would be greatful for a bunch of ideas and eternally greatful for
> examples of working scripts/firewall rules etc.=20
> Disclaimer: Yes, I did a google research, and found nothing that would
> cover the afformentioned problem. :-) At least nothing else than 'Well,
> you might try this ports thingy, but I don't really know if it helps.'
> ;-D
> PS: (or BTW) Maybe someone also has a solution to a problem of sharing
> two external connections in a reasonable way in such a network? Of
> course load-balancing would be desirable, but any working examples are
> welcome.
> Thank You for Your patience.

Hi! I'm a .signature virus!=20
Copy me into your ~/.signature to help me spread!

Jose Hidalgo
PGP: 15524480
jose at

Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

Version: GnuPG v1.2.4 (FreeBSD)



Want to link to this message? Use this URL: <>