Date: Tue, 13 Nov 2001 11:41:44 -0600
From: "Travis L. Leuthauser" <travis@bbipmail.com>
To: "Fabrizio Ravazzini" <freefabri@yahoo.it>
Cc: <freebsd-isp@freebsd.org>
Subject: RE: Nat Gateway Firewall rules
Message-ID: <NEBBIGMCEDGDNFGOAAFLAEIHGJAA.travis@bbipmail.com>
In-Reply-To: <20011113172833.16267.qmail@web20106.mail.yahoo.com>
Why not assign all public IPs to the FreeBSD gateway and then forward port
requests to internal boxes based on IP/port combinations? Like such:
                 INTERNET
                     |
                     |
                     |Public Ip0
                _____|_________
              | Router CISCO |
              +------+--------+
                     |
                     |PublicIP1,PublicIP2,PublicIp3
                +---------+
                |   NAT   |
                |Firewall |
                +---------+        DMZLan1
     +----+        |   |           +------+
     |WWW1|--------+   +-----+-----| WWW2 |
     +----+                  |     +------+
                             |
     InternalLan1            |DNS (DMZLan2)
Then do your forwarding like so:
PublicIP2:80 --> DMZLan1:80
PublicIP2:53 --> DMZLan2:53
PublicIP3:80 --> InternalLan1:80
and so on.
Hope this helps,
Travis L. Leuthauser
-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Tuesday, November 13, 2001 11:29 AM
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
Subject: RE: Nat Gateway Firewall rules
--- Fabrizio Ravazzini <freefabri@yahoo.it> wrote:
> Many thanks for the help, now I've thought of another
> problem. I've read in the FreeBSD Handbook
> (cap17.11-Nat) and the natd manual page that with the
> option -redirect_address, if I have for example a www
> server I can redirect the traffic to this server which
> is on the internal Lan or also to another machine with
> public Ip.
> But the problem is: if I have two or more web servers
> in the lan or also out of the Lan which must be
> reached from the internet, how can I redirect with
> natd?
> Because with natd I can redirect (I understood) only
> one machine for one service.
> Shortly the scheme:
>
Oops!! The correct scheme is this (with the router):
                 INTERNET
                     |
                     |
                     |Public Ip0
                _____|_________
              | Router CISCO |
              +------+--------+
                     |
                     |PublicIP1
                +---------+
                |   NAT   |
                |Firewall |
                +---------+        PublicIP2
     +----+        |   |           +------+
     |WWW1|--------+   +-----+-----| WWW2 |
     +----+                  |     +------+
     PublicIp3               |
     or InternalLan1         |DNS
Thanks, bye
>
> --- John Brooks <john@day-light.com> wrote:
> > Try these:
> >
> > http://www.obfuscation.org/ipf/
> >
> > http://geodsoft.com/howto/harden/
> >
> > --
> > John Brooks
> > Email: john@stlbsd.org
> >
> > -----Original Message-----
> >
> > ...snip...
> >
> > I must provide a strong Firewall set of rules on the
> > nat, where can I find some docs to do such a thing?
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NEBBIGMCEDGDNFGOAAFLAEIHGJAA.travis>
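
Added example (not part of the original thread, and not code from any of the posters): a small check that a forwarding table like the one suggested above never maps one public IP/port/protocol to two internal hosts, and that renders it as natd.conf redirect_port lines. All addresses are constructed stand-ins for the thread's placeholders (PublicIP2, PublicIP3, DMZLan1, DMZLan2, InternalLan1), and port 53 is listed for both UDP and TCP as an assumption.

```python
import ipaddress

# Constructed addresses standing in for the thread's placeholders.
FORWARDS = [
    # (proto, public IP, public port, internal IP, internal port)
    ("tcp", "203.0.113.2", 80, "10.0.1.10", 80),     # PublicIP2:80 -> DMZLan1 (WWW2)
    ("udp", "203.0.113.2", 53, "10.0.2.10", 53),     # PublicIP2:53 -> DMZLan2 (DNS)
    ("tcp", "203.0.113.2", 53, "10.0.2.10", 53),     # DNS over TCP (assumption)
    ("tcp", "203.0.113.3", 80, "192.168.1.10", 80),  # PublicIP3:80 -> InternalLan1 (WWW1)
]


def check_forwards(forwards):
    """Return a list of problems; an empty list means the table is usable."""
    problems, seen = [], {}
    for proto, pub_ip, pub_port, int_ip, int_port in forwards:
        key = (proto, pub_ip, pub_port)
        if proto not in ("tcp", "udp"):
            problems.append(f"{key}: protocol must be tcp or udp")
        for addr in (pub_ip, int_ip):
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"{key}: bad address {addr!r}")
        for port in (pub_port, int_port):
            if not 1 <= port <= 65535:
                problems.append(f"{key}: port {port} out of range")
        # One public IP/port/protocol can point at only one internal host,
        # which is why a second web server needs its own public IP.
        if key in seen and seen[key] != (int_ip, int_port):
            problems.append(f"{key}: already forwarded to {seen[key][0]}:{seen[key][1]}")
        seen.setdefault(key, (int_ip, int_port))
    return problems


def natd_lines(forwards):
    """Render natd.conf lines: redirect_port proto targetIP:port aliasIP:port."""
    problems = check_forwards(forwards)
    if problems:
        raise ValueError("; ".join(problems))
    return [f"redirect_port {proto} {int_ip}:{int_port} {pub_ip}:{pub_port}"
            for proto, pub_ip, pub_port, int_ip, int_port in forwards]


if __name__ == "__main__":
    print("\n".join(natd_lines(FORWARDS)))
```

Each forwarded port still needs a matching allow rule in the firewall ruleset, with everything else inbound denied.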
