From: "Travis L. Leuthauser"
To: "Fabrizio Ravazzini"
Subject: RE: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 11:51:55 -0600
In-Reply-To: <20011113174810.81828.qmail@web20102.mail.yahoo.com>
Sender: owner-freebsd-isp@FreeBSD.ORG

I'm making the assumption that all of your public IP's are in the same
subnet. That being the case, you would set up PublicIP2 and PublicIP3 as
aliases to your ethernet card:

ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 alias
ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 alias
         ^^^ replace w/ whatever your external ethernet card driver is.

Travis L. Leuthauser

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Tuesday, November 13, 2001 11:48 AM
To: Travis L. Leuthauser
Cc: freebsd-isp@freebsd.org
Subject: RE: Nat Gateway Firewall rules

Ok ok, I got it, great, that's what I want.
But how can I assign PublicIp1,2,3 to the gateway?
Do I give more IPs to the same eth card on the gateway, or do I have to
play with the router?

--- "Travis L. Leuthauser" wrote:
> Why not assign all public IP's to the FreeBSD gateway and then forward
> port requests to internal boxes based on IP/port combinations. Like such:
>
>               INTERNET
>                  |
>                  |
>                  |Public Ip0
>             _____|_________
>            | Router CISCO  |
>            +------+--------+
>                   |
>                   |PublicIP1,PublicIP2,PublicIp3
>              +---------+
>              |   NAT   |
>              |Firewall |
>              +---------+          DMZLan1
>  +----+        |     |            +------+
>  |WWW1|--------+     +-----+-----| WWW2 |
>  +----+                    |      +------+
>                            |
>  InternalLan1              |DNS (DMZLan2)
>
> Then do your forwarding like so:
>
> PublicIP2:80 --> DMZLan1:80
> PublicIP2:53 --> DMZLan2:53
> PublicIP3:80 --> InternalLan1:80
> and so on.
>
> Hope this helps,
>
> Travis L. Leuthauser
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:29 AM
> To: Fabrizio Ravazzini
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
>
> --- Fabrizio Ravazzini wrote:
> > many thanks for help, now I've thought of another problem. I've read
> > in the FreeBSD Handbook (cap17.11-Nat) and the natd manual page that
> > with the option -redirect_address, if I have for example a www server,
> > I can redirect the traffic to this server which is on the internal Lan
> > or also to another machine with public Ip.
> > But the problem is: if I have two or more web servers in the lan or
> > also out of the Lan which must be reached from the internet, how can I
> > redirect with natd?
> > Because with natd I can redirect (I understood) only one machine for
> > one service.
> > Shortly the scheme:
>
> OOPS!! the correct scheme is this (with the router)
>
>               INTERNET
>                  |
>                  |
>                  |Public Ip0
>             _____|_________
>            | Router CISCO  |
>            +------+--------+
>                   |
>                   |PublicIP1
>              +---------+
>              |   NAT   |
>              |Firewall |
>              +---------+          PublicIP2
>  +----+        |     |            +------+
>  |WWW1|--------+     +-----+-----| WWW2 |
>  +----+                    |      +------+
>  PublicIp3                 |
>  or InternalLan1           |DNS
>
> Thanks, bye
>
> > --- John Brooks wrote:
> > > Try these:
> > >
> > > http://www.obfuscation.org/ipf/
> > >
> > > http://geodsoft.com/howto/harden/
> > >
> > > --
> > > John Brooks
> > > Email: john@stlbsd.org
> > >
> > > -----Original Message-----
> > >
> > > ...snip...
> > >
> > > I must provide a strong Firewall set of rules on the nat, where can
> > > I find some docs to do such a thing?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
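
The forwarding plan from the thread (PublicIP2:80 --> DMZLan1:80 and so on), worked through as an added example that is not part of the original messages: the script turns such a map into the ifconfig alias commands and natd.conf lines, and rejects a map in which two rules claim the same public IP and port. It assumes natd's redirect_port option (the thread itself only names -redirect_address); all addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: all addresses are constructed placeholders
# (203.0.113.2 = PublicIP2, 203.0.113.3 = PublicIP3; 10.x/192.168.x = inside hosts).
EXT_IF="xl0"   # external NIC as in the thread; replace with your driver

# One rule per line: proto public_ip public_port internal_ip internal_port
FORWARD_MAP='tcp 203.0.113.2 80 10.0.1.10 80
udp 203.0.113.2 53 10.0.2.10 53
tcp 203.0.113.2 53 10.0.2.10 53
tcp 203.0.113.3 80 192.168.1.10 80'

# Print one "ifconfig ... alias" command per distinct public IP in the map
# (list only the extra addresses here, not the gateway's primary one).
gen_aliases() {
    printf '%s\n' "$1" | awk -v ifn="$EXT_IF" '
        NF == 5 && !seen[$2]++ {
            printf "ifconfig %s inet %s netmask 255.255.255.255 alias\n", ifn, $2
        }'
}

# Print natd.conf redirect_port lines (inside target first, then public side).
# Returns non-zero if a rule is malformed or if two rules claim the same
# proto + public IP:port, which can only be redirected to one inside host.
gen_natd_conf() {
    printf '%s\n' "$1" | awk '
        NF == 0 { next }
        NF != 5 { printf("bad rule: %s\n", $0) > "/dev/stderr"; bad = 1; next }
        { key = $1 " " $2 ":" $3 }
        key in owner {
            printf("conflict: %s -> %s and %s:%s\n", key, owner[key], $4, $5) > "/dev/stderr"
            bad = 1; next
        }
        {
            owner[key] = $4 ":" $5
            printf "redirect_port %s %s:%s %s:%s\n", $1, $4, $5, $2, $3
        }
        END { exit bad + 0 }'
}

gen_aliases "$FORWARD_MAP"
gen_natd_conf "$FORWARD_MAP"
```

Several web servers can each be reached on port 80 this way because each rule is keyed on a different public address; only an exact repeat of protocol, public IP and port is rejected.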