Date:      Tue, 13 Nov 2001 11:51:55 -0600
From:      "Travis L. Leuthauser" <travis@bbipmail.com>
To:        "Fabrizio Ravazzini" <freefabri@yahoo.it>
Cc:        <freebsd-isp@freebsd.org>
Subject:   RE: Nat Gateway Firewall rules
Message-ID:  <NEBBIGMCEDGDNFGOAAFLMEIIGJAA.travis@bbipmail.com>
In-Reply-To: <20011113174810.81828.qmail@web20102.mail.yahoo.com>

I'm making the assumption that all of your public IPs are in the same
subnet.  That being the case, you would set up PublicIP2 and PublicIP3 as
aliases to your ethernet card.

ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 alias
ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 alias
         ^^^ replace w/ whatever your external ethernet card driver is.

Travis L. Leuthauser

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Tuesday, November 13, 2001 11:48 AM
To: Travis L. Leuthauser
Cc: freebsd-isp@freebsd.org
Subject: RE: Nat Gateway Firewall rules


Ok ok, I got it, great, that's what I want.
But how can I assign PublicIp1,2,3 to the gateway?
Do I give more IPs to the same eth card on the gateway,
or do I have to play with the router?

--- "Travis L. Leuthauser" <travis@bbipmail.com> wrote:
> Why not assign all public IPs to the FreeBSD gateway and then forward port
> requests to internal boxes based on IP/port combinations.  Like such:
>
>                 INTERNET
>                     |
>                     |
>                     |Public Ip0
>               ______|________
>             | Router CISCO  |
>             +------+--------+
>                    |
>                    |PublicIP1,PublicIP2,PublicIp3
>                  +---------+
>                  | NAT     |
>                  |Firewall |
>                  +---------+       DMZLan1
>      +----+        |  |           +------+
>      |WWW1|--------+  +-----+-----| WWW2 |
>      +----+                 |     +------+
>                             |
>        InternalLan1         |DNS (DMZLan2)
>
> Then do your forwarding like so:
>
> PublicIP2:80 -->  DMZLan1:80
> PublicIP2:53 -->  DMZLan2:53
> PublicIP3:80 -->  InternalLan1:80
> and so on.
>
> Hope this helps,
>
> Travis L. Leuthauser
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:29 AM
> To: Fabrizio Ravazzini
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
>
>
> --- Fabrizio Ravazzini <freefabri@yahoo.it> wrote:
> > Many thanks for the help, now I've thought of another problem. I've read
> > in the FreeBSD Handbook (chapter 17.11, NAT) and the natd manual page
> > that with the option -redirect_address, if I have for example a www
> > server, I can redirect the traffic to this server, which is on the
> > internal LAN, or also to another machine with a public IP.
> > But the problem is: if I have two or more web servers in the LAN, or also
> > outside the LAN, which must be reached from the Internet, how can I
> > redirect with natd?
> > Because with natd I can redirect (as I understood) only one machine for
> > one service.
> > In short, the scheme:
> >
> Oops!! The correct scheme is this (with the router):
>
>
>                 INTERNET
>                     |
>                     |
>                     |Public Ip0
>               ______|________
>             | Router CISCO  |
>             +------+--------+
>                    |
>                    |PublicIP1
>                  +---------+
>                  | NAT     |
>                  |Firewall |
>                  +---------+       PublicIP2
>      +----+        |  |           +------+
>      |WWW1|--------+  +-----+-----| WWW2 |
>      +----+                 |     +------+
>        PublicIp3            |
>        or InternalLan1      |DNS
>
>
>  Thanks, bye
>
> >
> > --- John Brooks <john@day-light.com> wrote:
> > > Try these:
> > >
> > > http://www.obfuscation.org/ipf/
> > >
> > > http://geodsoft.com/howto/harden/
> > >
> > > --
> > > John Brooks
> > > Email:  john@stlbsd.org
> > >
> > > -----Original Message-----
> > >
> > > ...snip...
> > >
> > > I must provide a strong Firewall set of rules on the nat, where can I
> > > find some docs to do such a thing?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
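
The forwarding plan discussed in this thread (extra public IPs as aliases on the gateway's external interface, then per-IP/port forwards to internal hosts), written out as an added example that is not part of the original messages. It uses natd's real `interface` and `redirect_port` options in their natd.conf form; the addresses (203.0.113.x for PublicIP1..3, 192.168.x.x for the DMZ and internal hosts) and the function names are assumptions made up for illustration.

```shell
#!/bin/sh
# Constructed forwarding table (proto publicIP publicPort targetIP targetPort).
# 203.0.113.x stands in for PublicIP1..3 and 192.168.x.x for the DMZ and
# internal hosts; none of these addresses come from the thread.
forward_table() {
cat <<'EOF'
tcp 203.0.113.2 80 192.168.10.2 80
udp 203.0.113.2 53 192.168.20.2 53
tcp 203.0.113.3 80 192.168.1.2 80
EOF
}

# Emit natd.conf lines from a table on stdin.  natd can send a given
# proto/publicIP/port to one target only, so a second entry for the same
# tuple is rejected instead of being silently shadowed.
gen_natd_conf() {
    awk -v ifc="$1" '
    BEGIN { print "interface " ifc }
    NF == 0 || $1 ~ /^#/ { next }
    NF != 5 || ($1 != "tcp" && $1 != "udp") {
        print "line " NR ": malformed entry" > "/dev/stderr"; bad = 1; next }
    { key = $1 " " $2 ":" $3
      if (key in seen) {
          print "line " NR ": " key " already forwarded to " seen[key] > "/dev/stderr"
          bad = 1; next }
      seen[key] = $4 ":" $5
      print "redirect_port " $1 " " $4 ":" $5 " " $2 ":" $3 }
    END { exit bad }'
}

# Emit one ifconfig alias command per extra public IP (the primary address
# is already configured on the interface), using the /32 alias netmask
# from the reply above.
gen_alias_cmds() {
    awk -v ifc="$1" -v primary="$2" '
    NF == 5 && $2 != primary && !($2 in seen) {
        seen[$2] = 1
        print "ifconfig " ifc " inet " $2 " netmask 255.255.255.255 alias" }'
}

forward_table | gen_natd_conf xl0
forward_table | gen_alias_cmds xl0 203.0.113.1
```

Only the proto/IP/port tuples listed in the table are forwarded inward, so the table doubles as the list of services the firewall rules need to permit from outside.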



