Date: 05 Nov 2002 13:28:24 -0800
From: swear@attbi.com (Gary W. Swearingen)
To: "Jonas Sonntag" <js@setcom.de>
Cc: <freebsd-questions@freebsd.org>
Subject: Re: bridging the right way?
Message-ID: <tjpttjpuyv.ttj@localhost.localdomain>
In-Reply-To: <KIEEILJCLAIJNFGECHJOAEMHDLAA.js@setcom.de>
References: <KIEEILJCLAIJNFGECHJOAEMHDLAA.js@setcom.de>

"Jonas Sonntag" <js@setcom.de> writes:

> so...is it possible this way, or would it be far smarter to plug a third nic
> into the fbsd box only for bridging ?
>
> thanks for any advice

I don't know if it's possible that way; I'm no expert. But I've read that it's foolish to put a public server (especially one with "soft" in its name) on the same side of your firewall as your private hosts. You're supposed to assume that it will be cracked and treat it with as much fear as any other host on the Internet.

The down side is that after you add the third NIC, you'll need to create two, or probably three, sets of firewall rules (LAN-Inet, DMZ-Inet, probably LAN-DMZ).

(I once did it with all public IP addresses and routing, but it should be easier with NAT. I wish I had tried it with bridging; it was easy for a two-legged case, but I don't know for the three-legged case. I suspect I could have avoided my many routing problems (my 3-bit subnet could only support two subsubnets while three were "required").)