Date:      Tue, 31 Jul 2001 12:13:17 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Wayne Pascoe <wayne.pascoe@realtime.co.uk>
Cc:        <freebsd-questions@FreeBSD.ORG>
Subject:   Re: Nat with ipf
Message-ID:  <20010731115643.Y18773-100000@cactus.fi.uba.ar>
In-Reply-To: <86n15l2wgg.fsf@pan.ehsrealtime.com>

On 31 Jul 2001, Wayne Pascoe wrote:

>
> This translates all outgoing connections from the 192.168.2.0
> network. Is there any way to do NAT to all addresses BUT my own public
> range? I am seeing INCREDIBLY slow copies and connections from
> machines in the public range to machines in the NAT range.

I move the machines with the public IP to another RFC 1918 LAN (the DMZ)
and bimap the public IPs to those IPs. This way, you won't NAT from
the internal LAN to your public servers, and all of your public servers
will be behind the firewall, which is usually a good thing.

For example:


			|
			|
		   +----------+
		   |	      |
		   |	      +---- DMZ (192.168.0.0/24)
		   |	      |
		   +----------+
			 |
			 Internal LAN (192.168.1.0/24)

Let's say your public IPs are 172.16.1.0-8 and your MX is the .3, then you
bimap 192.168.0.3 to 172.16.1.3.



Hope this helps


				Fer

>
> Thanks,
>
> --
> - Wayne Pascoe
> E-mail: wayne.pascoe@realtime.co.uk
> Phone : +44 (0) 20 7544 4668
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010731115643.Y18773-100000>
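
An ipnat rule set for the layout described in the message above, as an added example that is not part of the original e-mail. The interface name `fxp0`, the use of 172.16.1.1 as the firewall's own outbound address and the port range are assumptions; the networks and the MX mapping are the ones given in the message.

```shell
#!/bin/sh
# Added example (not from the original message): emit ipnat rules for the
# DMZ layout described above. Values marked "assumption" are illustrative.
EXT_IF="fxp0"              # assumption: external (Internet-facing) interface
PUB_NET="172.16.1"         # public range from the message (172.16.1.0-8)
PUB_MAX=8
DMZ_NET="192.168.0"        # DMZ on an RFC 1918 network
LAN_CIDR="192.168.1.0/24"  # internal LAN
NAT_HOST=1                 # assumption: 172.16.1.1 is the firewall's own address

# gen_ipnat_rules HOST...
# HOST is the last octet shared by a server's DMZ and public address
# (the MX in the message is 3).
gen_ipnat_rules() {
    for host in "$@"; do
        case "$host" in
            ''|*[!0-9]*) echo "not a host number: $host" >&2; return 1 ;;
        esac
        if [ "$host" -lt 1 ] || [ "$host" -gt "$PUB_MAX" ]; then
            echo "outside public range: $host" >&2; return 1
        fi
        if [ "$host" -eq "$NAT_HOST" ]; then
            echo "$PUB_NET.$host is reserved for outbound NAT" >&2; return 1
        fi
        # One-to-one, bidirectional mapping for a DMZ server.
        printf 'bimap %s %s.%s/32 -> %s.%s/32\n' \
            "$EXT_IF" "$DMZ_NET" "$host" "$PUB_NET" "$host"
    done
    # The internal LAN shares one public address for outbound traffic:
    # TCP/UDP with port remapping (port range is an assumption), then a
    # plain map for everything else, such as ICMP.
    printf 'map %s %s -> %s.%s/32 portmap tcp/udp 40000:60000\n' \
        "$EXT_IF" "$LAN_CIDR" "$PUB_NET" "$NAT_HOST"
    printf 'map %s %s -> %s.%s/32\n' \
        "$EXT_IF" "$LAN_CIDR" "$PUB_NET" "$NAT_HOST"
    # Every rule names the external interface, so LAN <-> DMZ traffic
    # crosses the firewall routed and filtered, but never translated.
}

gen_ipnat_rules 3   # rules for the MX from the message
```

The output can be saved to a rules file and loaded with `ipnat -CF -f <file>`.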