Date: Thu, 20 May 1999 16:23:50 -0700 (PDT) From: Doug White <dwhite@resnet.uoregon.edu> To: Len Conrad <lconrad@Go2France.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Can this routing be done under fbsd? Message-ID: <Pine.BSF.4.03.9905201618330.10536-100000@resnet.uoregon.edu> In-Reply-To: <4.1.19990521001440.00deee00@mail.go2france.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 21 May 1999, Len Conrad wrote:
> We're a 'boutique/niche' ISP that has acquired a small block of public ip
> addresses.
>
> Is NAT the way to do this:
>
> Our border gateway router (one link to an Internet backbone) will be
> freebsd, with the DMZ net just behind it. Assume the DMZ net will be
> private with 10.0.0.*.
>
> A 2nd fbsd machine on the DMZ net will be our "dedicated access router"
> driving HDLC WAN cards and dedicated leased lines to our customers, some of
> whom will have servers with public ip addresses. Assume the WAN side of
> the access router will have private addresses lke 192.0.0.*.
>
> What's the best way, if possible with fbsd, to have the clients' public
> servers accessible via public ip addresses. 2 levels of static NAT?
No. The people with real IPs will get constrained by NAT, so it won't be
doing them any good to have real IPs. You should hang the frame relay
router box off the border router on a non-NATed IP. You can do this with
some creative ipfw rules.
Like so:
Private network customers
\ | /
\ | /
10.* addresses
/
/
Internet -- [ Border router]
\
\ <--- Real IP network (/30 ?)
[ FR router ]
/ | \
/ | \
FR circuits to customers
Doug White
Internet: dwhite@resnet.uoregon.edu | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite | www.freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.03.9905201618330.10536-100000>