Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 03 Feb 2003 17:33:40 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        Peter <fbsdq@kuyarov.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FBSD firewall in front of windows IIS servers  HOW
Message-ID:  <3E3EEE44.9040706@potentialtech.com>
References:  <20030203152311.7af897d4.fbsdq@kuyarov.org>

next in thread | previous in thread | raw e-mail | index | archive | help
[Please wrap lines to a reasonable length]

Peter wrote:
> Hello,
> 	Just wondering what would be the best way to do this...
> 
> 
> 		INTERNET----FBSD FIREWALL----WINDOWS IIS SERVER
> 
> 
> Basically what would be the best way to have freebsd accept incoming connections, run them
 > thru the firewall, and all the packets that pass forward them to internal windows machines.
 > I dont' want the windows boxen directly on the net, I want to put a FBSD firewall in front
 > of them, and so far the best option I've found on how to do this is to have the windows boxen
 > be 192.168.x.x and have the fbsd boxen forward all connections to "public_ip" to the windows
 > box via natd.  Does this seem like a good plan? Or anyone know of another better way to do this?

That's how I would do it.  I can't think of a better way, off the top of my head.

Unless you want to proxy.  You could set up FreeBSD with squid configured to reverse proxy,
which should reduce internal traffic and increase performance.  I don't know what your
situation is, but I wouldn't bother with squid unless I was experimenting with squid or
had a situation where the IIS servers were getting hammered by requests.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E3EEE44.9040706>