From: Jose Hidalgo Herrera
To: Fangorn
Cc: freebsd-ipfw@freebsd.org, jose@hostarica.com
Reply-To: jose@hostarica.com
Organization: Corp. Hosta Rica
Date: Wed, 16 Jun 2004 13:58:36 -0600
Subject: Re: Multiple_External_IPs+IPFW+arp_proxy+Dummynet+natd_etc
Message-Id: <1087415916.87203.9.camel@jose.hostarica.net>
In-Reply-To: <1087389772.641.20.camel@desk.myroom.pl>
List-Id: IPFW Technical Discussions

On Wed, 2004-06-16 at 06:42, Fangorn wrote:
> Hello!
>
> FreeBSD 5.2.1, IPFW(2 of course), 1 ext_if, 2 int_ifs, P200MMX, 96MB,
> HDD 2GB
> I have recently set up a router serving and shaping a small network
> +/-20 clients (mostly wireless, but that's not important, as the AP does
> the job).
>
> I do a static ARP, I have quite a simple firewall, of course natd is up
> and running fine. Some pipes and queues pretend to share the traffic
> fairly :). Now my concern is:
>
> 1. What is the best way to assign an external IP (I have 4 available) to
> a LAN client machine?
> 2. How (if at all) it affects traffic shaping?

You can:
1) use the other interface for the DMZ (but you lose 1 IP for the
   router's interface)
2) forward traffic sent to the public IPs to private IPs, e.g.

    ipfw add fwd privateip,80 tcp from any to publicip 80 setup keep-state

You have the same bandwidth, unless you buy more!

>
> I would be grateful for a bunch of ideas and eternally grateful for
> examples of working scripts/firewall rules etc.
>
> Disclaimer: Yes, I did a google research, and found nothing that would
> cover the aforementioned problem. :-) At least nothing else than 'Well,
> you might try this ports thingy, but I don't really know if it helps.'
> ;-D
>
> PS: (or BTW) Maybe someone also has a solution to a problem of sharing
> two external connections in a reasonable way in such a network? Of
> course load-balancing would be desirable, but any working examples are
> welcome.
>
> Thank You for Your patience.

--
Hi! I'm a .signature virus!
Copy me into your ~/.signature to help me spread!

Jose Hidalgo
PGP: 15524480
jose at hostarica.com