Message-ID: <20011113175536.44670.qmail@web20107.mail.yahoo.com>
Date: Tue, 13 Nov 2001 18:55:36 +0100 (CET)
From: Fabrizio Ravazzini
Subject: RE: Nat Gateway Firewall rules
To: "Travis L. Leuthauser"
Cc: freebsd-isp@freebsd.org

Thanks a lot, tomorrow morning I'll try.
Best regards

--- "Travis L. Leuthauser" wrote:
> I'm making the assumption that all of your public IP's are in the same
> subnet. That being the case, you would set up PublicIP2 and PublicIP3 as
> aliases to your ethernet card.
>
> ifconfig xl0 inet PublicIP2 netmask 255.255.255.255 alias
> ifconfig xl0 inet PublicIP3 netmask 255.255.255.255 alias
>          ^^^ replace w/ whatever your external ethernet card driver is.
>
> Travis L. Leuthauser
>
> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> Sent: Tuesday, November 13, 2001 11:48 AM
> To: Travis L. Leuthauser
> Cc: freebsd-isp@freebsd.org
> Subject: RE: Nat Gateway Firewall rules
>
> Ok ok, I got it, great, that's what I want.
> But how can I assign PublicIp1,2,3 to the gateway?
> Do I give more IPs to the same eth card on the gateway,
> or do I have to play with the router?
>
> --- "Travis L. Leuthauser" wrote:
> > Why not assign all public IP's to the FreeBSD gateway and then forward port
> > requests to internal boxes based on IP/port combinations. Like such:
> >
> >                   INTERNET
> >                       |
> >                       |
> >                       |Public Ip0
> >                  _____|_________
> >                | Router CISCO |
> >                +------+--------+
> >                       |
> >                       |PublicIP1,PublicIP2,PublicIp3
> >                  +---------+
> >                  |   NAT   |
> >                  |Firewall |
> >                  +---------+         DMZLan1
> >      +----+        |     |           +------+
> >      |WWW1|--------+     +-----+-----| WWW2 |
> >      +----+                    |     +------+
> >                                |
> >   InternalLan1                 |DNS (DMZLan2)
> >
> > Then do your forwarding like so:
> >
> > PublicIP2:80 --> DMZLan1:80
> > PublicIP2:53 --> DMZLan2:53
> > PublicIP3:80 --> InternalLan1:80
> > and so on.
> >
> > Hope this helps,
> >
> > Travis L. Leuthauser
> >
> > -----Original Message-----
> > From: owner-freebsd-isp@FreeBSD.ORG
> > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
> > Sent: Tuesday, November 13, 2001 11:29 AM
> > To: Fabrizio Ravazzini
> > Cc: freebsd-isp@freebsd.org
> > Subject: RE: Nat Gateway Firewall rules
> >
> > --- Fabrizio Ravazzini wrote:
> > > Many thanks for the help, now I've thought of another
> > > problem. I've read in the FreeBSD Handbook
> > > (cap17.11-Nat) and the natd manual page that with the
> > > option -redirect_address, if I have for example a www
> > > server I can redirect the traffic to this server which
> > > is on the internal Lan or also to another machine with
> > > public Ip.
> > > But the problem is: if I have two or more web servers
> > > in the lan or also out of the Lan which must be
> > > reached from the internet, how can I redirect with
> > > natd?
> > > Because with natd I can redirect (I understood) only
> > > one machine for one service.
> > > Shortly the scheme:
> > >
> > OPS!! The correct scheme is this (with the router):
> >
> >                   INTERNET
> >                       |
> >                       |
> >                       |Public Ip0
> >                  _____|_________
> >                | Router CISCO |
> >                +------+--------+
> >                       |
> >                       |PublicIP1
> >                  +---------+
> >                  |   NAT   |
> >                  |Firewall |
> >                  +---------+         PublicIP2
> >      +----+        |     |           +------+
> >      |WWW1|--------+     +-----+-----| WWW2 |
> >      +----+                    |     +------+
> >    PublicIp3                   |
> > or InternalLan1                |DNS
> >
> > > Thanks, bye
> > >
> > > --- John Brooks wrote:
> > > > Try these:
> > > >
> > > > http://www.obfuscation.org/ipf/
> > > >
> > > > http://geodsoft.com/howto/harden/
> > > >
> > > > --
> > > > John Brooks
> > > > Email: john@stlbsd.org
> > > >
> > > > -----Original Message-----
> > > >
> > > > ...snip...
> > > >
> > > > I must provide a strong Firewall set of rules on the
> > > > nat, where can I find some docs to do such a thing?
>
> === message truncated ===

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
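
The forwarding scheme described in the quoted thread above (aliases on the external interface, then forwards keyed on public IP and port), written out as a natd configuration file. This is an added example, not part of the original messages: the interface name xl0 comes from the thread, and every address is a constructed placeholder standing in for PublicIP1-3, DMZLan1, DMZLan2 and InternalLan1.

```conf
# /etc/natd.conf -- added example; all addresses are constructed placeholders.
#   PublicIP1 = 203.0.113.1   (primary address of xl0)
#   PublicIP2 = 203.0.113.2   (alias on xl0)
#   PublicIP3 = 203.0.113.3   (alias on xl0)
#   DMZLan1 host (WWW2)       = 192.168.10.2
#   DMZLan2 host (DNS)        = 192.168.20.2
#   InternalLan1 host (WWW1)  = 192.168.1.2

interface xl0

# Syntax: redirect_port proto targetIP:targetPORT aliasIP:aliasPORT
# The aliasIP part is what lets two web servers both answer on port 80:
# each forward is keyed on (public IP, port), not on the port alone.
redirect_port tcp 192.168.10.2:80 203.0.113.2:80
redirect_port tcp 192.168.1.2:80 203.0.113.3:80

# DNS is forwarded for both UDP and TCP (TCP carries large answers and
# zone transfers), so it needs one line per protocol.
redirect_port udp 192.168.20.2:53 203.0.113.2:53
redirect_port tcp 192.168.20.2:53 203.0.113.2:53

# For comparison: redirect_address is static NAT and hands EVERY port of a
# public address to one internal host, leaving the firewall rules as the
# only thing limiting exposure. Left commented out here.
# redirect_address 192.168.1.2 203.0.113.3
```

Because only the listed ports are forwarded, any other traffic arriving for PublicIP2 or PublicIP3 is not translated and is handled by the gateway itself, under its own firewall rules.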