Date: Wed, 16 Jun 2004 13:58:36 -0600 From: Jose Hidalgo Herrera <jose@hostarica.com> To: Fangorn <fangorn@o2.pl> Cc: jose@hostarica.com Subject: Re: Multiple_External_IPs+IPFW+arp_proxy+Dummynet+natd_etc Message-ID: <1087415916.87203.9.camel@jose.hostarica.net> In-Reply-To: <1087389772.641.20.camel@desk.myroom.pl> References: <1087389772.641.20.camel@desk.myroom.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-vGn2IItNWJ20YnNwVnfV
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
On Wed, 2004-06-16 at 06:42, Fangorn wrote:
> Hello!
>=20
> FreeBSD 5.2.1, IPFW(2 of course), 1 ext_if, 2 int_ifs, P200MMX, 96MB,
> HDD 2GB
> I have recently set up a router serving and shaping a small network
> +/-20 clients (mostly wireless, but that's not important, as the AP does
> the job).
>=20
> I do a static ARP, I have quite a simple firewall, of course natd is up
> and running fine. Some pipes and queues pretend to share the traffic
> fairly :). Now my concern is:
>=20
> 1. What is the best way to assign an external IP (I have 4 available) to
> a LAN client machine?
> 2. How (if at all) it affects traffic shaping?
you can:=20
1) use the other interface for the DMZ ( but you lose 1 ip for the
router's interface)
2) forward traffic sent to the public ips to private ips
ej.=20
ipfw add fwd privateip,80 tcp from any to publicip 80 setup
keep-state
You have the same bandwidth, unless you buy more!
>=20
> I would be greatful for a bunch of ideas and eternally greatful for
> examples of working scripts/firewall rules etc.=20
>=20
> Disclaimer: Yes, I did a google research, and found nothing that would
> cover the afformentioned problem. :-) At least nothing else than 'Well,
> you might try this ports thingy, but I don't really know if it helps.'
> ;-D
>=20
> PS: (or BTW) Maybe someone also has a solution to a problem of sharing
> two external connections in a reasonable way in such a network? Of
> course load-balancing would be desirable, but any working examples are
> welcome.
>=20
> Thank You for Your patience.
--
Hi! I'm a .signature virus!=20
Copy me into your ~/.signature to help me spread!
Jose Hidalgo
PGP: 15524480
jose at hostarica.com
--=-vGn2IItNWJ20YnNwVnfV
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQBA0KZsMb674RVSRIARAtV3AKCPmHPH+xuAYNd3IF3W+O4ThEKXngCfexpu
w8OwP1dPU0pMTqs2Gpd05hM=
=m/K/
-----END PGP SIGNATURE-----
--=-vGn2IItNWJ20YnNwVnfV--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1087415916.87203.9.camel>