From owner-freebsd-isp Tue Nov 13 9:48:21 2001
Message-ID: <20011113174810.81828.qmail@web20102.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:48:10 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules
To: "Travis L. Leuthauser"
Cc: freebsd-isp@freebsd.org
Sender: owner-freebsd-isp@FreeBSD.ORG

Ok ok, I got it, great, that's what I want.
But how can I assign PublicIp1,2,3 to the gateway?
Do I give more IPs to the same eth card on the gateway, or
do I have to play with the router?

--- "Travis L. Leuthauser" wrote:
> Why not assign all public IPs to the FreeBSD
> gateway and then forward port
> requests to internal boxes based on IP/port
> combinations. Like such:
>
>             INTERNET
>                 |
>                 |
>                 |Public Ip0
>            _____|_________
>          | Router CISCO  |
>          +------+--------+
>                 |
>                 |PublicIP1,PublicIP2,PublicIp3
>            +---------+
>            |   NAT   |
>            |Firewall |
>            +---------+         DMZLan1
> +----+        |   |           +------+
> |WWW1|--------+   +-----+-----| WWW2 |
> +----+                  |     +------+
>                         |
> InternalLan1            |DNS (DMZLan2)
>
> Then do your forwarding like so:
>
> PublicIP2:80 --> DMZLan1:80
> PublicIP2:53 --> DMZLan2:53
> PublicIP3:80 --> InternalLan1:80
> and so on.
>
> Hope this helps,
>
> Travis L. Leuthauser
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of
> Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:29 AM
> To: Fabrizio Ravazzini
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
>
>
> --- Fabrizio Ravazzini wrote:
> > many thanks for help, now I've thought of another
> > problem. I've read in the FreeBSD Handbook
> > (cap17.11-Nat) and the natd manual page that with
> > the option -redirect_address, if I have for example
> > a www server I can redirect the traffic to this
> > server which is on the internal Lan or also to
> > another machine with public Ip.
> > But the problem is: if I have two or more web
> > servers in the lan or also out of the Lan which
> > must be reached from the internet, how can I
> > redirect with natd?
> > Because with natd I can redirect (I understood)
> > only one machine for one service.
> > Shortly the scheme:
>
>
> OOPS!! the correct scheme is this (with the router)
>
>
>             INTERNET
>                 |
>                 |
>                 |Public Ip0
>            _____|_________
>          | Router CISCO  |
>          +------+--------+
>                 |
>                 |PublicIP1
>            +---------+
>            |   NAT   |
>            |Firewall |
>            +---------+         PublicIP2
> +----+        |   |           +------+
> |WWW1|--------+   +-----+-----| WWW2 |
> +----+                  |     +------+
> PublicIp3               |
> or InternalLan1         |DNS
>
>
> Thanks, bye
>
>
> > --- John Brooks wrote:
> > > Try these:
> > >
> > > http://www.obfuscation.org/ipf/
> > >
> > > http://geodsoft.com/howto/harden/
> > >
> > > --
> > > John Brooks
> > > Email: john@stlbsd.org
> > >
> > > -----Original Message-----
> > >
> > > ...snip...
> > >
> > > I must provide a strong Firewall set of rules on
> > > the nat, where can I find some docs to do such a
> > > thing?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
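
Travis's mapping written out for natd on the gateway, as an added example that is not part of the original thread. The interface name fxp0, the 203.0.113.x public addresses and the 192.168.x.x internal addresses are constructed placeholders standing in for PublicIP1-3, DMZLan1, DMZLan2 and InternalLan1.

```conf
# ---- /etc/rc.conf on the gateway (added example, not from the thread) ----
# Assumption: fxp0 is the card facing the Cisco router.
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# PublicIP1 is the primary address; PublicIP2 and PublicIP3 are aliases
# on the same card. Aliases inside the primary's subnet use a /32 netmask.
ifconfig_fxp0="inet 203.0.113.1 netmask 255.255.255.0"
ifconfig_fxp0_alias0="inet 203.0.113.2 netmask 255.255.255.255"
ifconfig_fxp0_alias1="inet 203.0.113.3 netmask 255.255.255.255"

# ---- /etc/natd.conf ----
# Syntax: redirect_port proto targetIP:targetPORT aliasIP:aliasPORT
# One line per exposed service; anything not listed is not forwarded.

# PublicIP2:80 --> DMZLan1:80 (WWW2)
redirect_port tcp 192.168.10.10:80 203.0.113.2:80

# PublicIP2:53 --> DMZLan2:53 (DNS answers on both UDP and TCP)
redirect_port udp 192.168.20.10:53 203.0.113.2:53
redirect_port tcp 192.168.20.10:53 203.0.113.2:53

# PublicIP3:80 --> InternalLan1:80 (WWW1)
redirect_port tcp 192.168.1.10:80 203.0.113.3:80

# The ipfw ruleset must still permit these ports explicitly; that
# ruleset is not shown here.
```

Compared with -redirect_address, which hands every port of a public address to one internal host, per-port redirects expose only the listed services, and several web servers can each sit behind their own public address.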