Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 13 Nov 2001 18:48:10 +0100 (CET)
From:      =?iso-8859-1?q?Fabrizio=20Ravazzini?= <freefabri@yahoo.it>
To:        "Travis L. Leuthauser" <travis@bbipmail.com>
Cc:        freebsd-isp@freebsd.org
Subject:   RE: Nat Gateway Firewall rules
Message-ID:  <20011113174810.81828.qmail@web20102.mail.yahoo.com>
In-Reply-To: <NEBBIGMCEDGDNFGOAAFLAEIHGJAA.travis@bbipmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Ok ok, I got it, great, that's what I want.
But How can I assign  PublicIp1,2,3 to the gateway.
I give more ip's to the same eth card on the gateway
or I have to play with the router?

--- "Travis L. Leuthauser" <travis@bbipmail.com> ha
scritto: > Why not assign all public IP's to the
FreeBSD
> gateway and then forward port
> requests to internal boxes based on IP/port
> combinations.  Like such:
> 
> 		INTERNET
>  		  |
> 		  |
> 		  |Public Ip0
>              _____|_________
>             | Router CISCO  |
>             +------+--------+
>                    |
>                    |PublicIP1,PublicIP2,PublicIp3
>                  +---------+
>                  | NAT     |
>         	 |Firewall |
>                  +---------+       DMZLan1
>      +----+        |  |           +------+
>      |WWW1|--------+  +-----+-----| WWW2 |
>      +----+                 |     +------+
>                             |
>        InternalLan1         |DNS (DMZLan2)
> 
> Then do your forwarding like so:
> 
> PublicIP2:80 -->  DMZLan1:80
> PublicIP2:53 -->  DMZLan2:53
> PublicIP3:80 -->  InternalLan1:80
> and so on.
> 
> Hope this helps,
> 
> Travis L. Leuthauser
> 
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of
> Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:29 AM
> To: Fabrizio Ravazzini
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
> 
> 
>  --- Fabrizio Ravazzini <freefabri@yahoo.it> ha
> scritto: > many thanks for help,now I've tought to
> another
> > problem, I've read on the FreebSD Handbook
> > (cap17.11-Nat) and the natd manual page that with
> > the
> > option -redirect_address, if I have for example a
> > www
> > server I can redirect the traffic to this server
> > wich
> > is on the internal Lan or also to another machine
> > with
> > public Ip.
> > But the problem is: if I have two or more web
> > servers
> > in the lan or also out of the Lan which they must
> be
> > reached from the internet how can I redirect with
> > natd?
> > Because with natd I can redirect (I understood)
> only
> > one machine for one service.
> > Shortly the scheme:
> >
>  OPS!! the correct scheme is this(With the router)
> 
> 
>  		INTERNET
>  		  |
> 		  |
> 		  |Public Ip0
>              _____|_________
>             | Router CISCO  |
>             +------+--------+
>                    |
>                    |PublicIP1
>                  +---------+
>                  | NAT     |
>         	 |Firewall |
>                  +---------+       PublicIP2
>      +----+        |  |           +------+
>      |WWW1|--------+  +-----+-----| WWW2 |
>      +----+                 |     +------+
>        PublicIp3            |
>        or InternalLan1      |DNS
> 
> 
>  Thanks,bye
> 
> >
> > --- John Brooks <john@day-light.com> ha scritto: >
> > Try
> > these:
> > >
> > > http://www.obfuscation.org/ipf/
> > >
> > > http://geodsoft.com/howto/harden/
> > >
> > > --
> > > John Brooks
> > > Email:  john@stlbsd.org
> > >
> > > -----Original Message-----
> > >
> > > ...snip...
> > >
> > > I must provide a strong Firewall set of rules on
> > the
> > > nat, where can I find some docs to do such a
> > thing?
> > >
> > >
> > > To Unsubscribe: send mail to
> majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-isp" in the body of
> the
> > message
> >
> >
>
______________________________________________________________________
> >
> > Abbonati a Yahoo! ADSL con Atlanet!
> > Naviga su Internet ad alta velocitą, e senza
> limiti
> > di tempo!
> > Per saperne di pił vai alla pagina
> > http://adsl.yahoo.it
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the
> message
> 
>
______________________________________________________________________
> 
> Abbonati a Yahoo! ADSL con Atlanet!
> Naviga su Internet ad alta velocitą, e senza limiti
> di tempo!
> Per saperne di pił vai alla pagina
> http://adsl.yahoo.it
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the
> message
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the
message 

______________________________________________________________________

Abbonati a Yahoo! ADSL con Atlanet!
Naviga su Internet ad alta velocitą, e senza limiti di tempo! 
Per saperne di pił vai alla pagina http://adsl.yahoo.it

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011113174810.81828.qmail>