Date: Tue, 12 Dec 2006 21:28:01 +0000 From: Vince Hoffman <jhary@unsane.co.uk> To: Bret J Esquivel <besquivel@immense.net> Cc: freebsd-questions@freebsd.org Subject: Re: Routing Question Message-ID: <457F1EE1.6020600@unsane.co.uk> In-Reply-To: <008701c71e2f$60ea9130$22bfb390$@net> References: <008701c71e2f$60ea9130$22bfb390$@net>
next in thread | previous in thread | raw e-mail | index | archive | help
Bret J Esquivel wrote: > Hi, > > > > I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1 > firewall/router in between the cable modem and the switch to other nodes. My > question is how could I add static routes to say my web server having an > external IP address but still going through the firewall box? NAT is not an > option. > > > > INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web > server (70.164.48.227) > > Only really one choice if you really don't want NAT (i've run web servers with a static nat many times though so i wouldn't rule it out if i were you) Routing wouldn't work in this scenario as you dont have enough control, you would have to bridge the interfaces on your firewall. man if_bridge. Bridging xl0 and xl1 on your firewall will make it act like a 2 port hub, but pf ,ipfw and ipf can still filter packets going across it. Personally in this situation i'd just add the IPs to the freebsd box and set static NATs up for anything that needs to be externally visible but a bridging firewall should work too. Vince > > > Thanks in advance. > > > > Bret > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?457F1EE1.6020600>