From owner-freebsd-questions  Tue Nov  5 13:27:54 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CD2A137B401
	for <freebsd-questions@freebsd.org>; Tue,  5 Nov 2002 13:27:53 -0800 (PST)
Received: from rwcrmhc53.attbi.com (rwcrmhc53.attbi.com [204.127.198.39])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 47AA643E88
	for <freebsd-questions@freebsd.org>; Tue,  5 Nov 2002 13:27:53 -0800 (PST)
	(envelope-from swear@attbi.com)
Received: from localhost.localdomain ([12.242.158.67])
          by rwcrmhc53.attbi.com
          (InterMail vM.4.01.03.27 201-229-121-127-20010626) with ESMTP
          id <20021105212752.DMVV22218.rwcrmhc53.attbi.com@localhost.localdomain>;
          Tue, 5 Nov 2002 21:27:52 +0000
Received: from localhost.localdomain (localhost [127.0.0.1])
	by localhost.localdomain (8.12.6/8.12.5) with ESMTP id gA5LSYUW092882;
	Tue, 5 Nov 2002 13:28:35 -0800 (PST)
	(envelope-from swear@attbi.com)
Received: (from jojo@localhost)
	by localhost.localdomain (8.12.6/8.12.5/Submit) id gA5LSOgr092877;
	Tue, 5 Nov 2002 13:28:24 -0800 (PST)
	(envelope-from swear@attbi.com)
X-Authentication-Warning: localhost.localdomain: jojo set sender to swear@attbi.com using -f
To: "Jonas Sonntag" <js@setcom.de>
Cc: <freebsd-questions@freebsd.org>
Subject: Re: bridging the right way?
References: <KIEEILJCLAIJNFGECHJOAEMHDLAA.js@setcom.de>
From: swear@attbi.com (Gary W. Swearingen)
Date: 05 Nov 2002 13:28:24 -0800
In-Reply-To: <KIEEILJCLAIJNFGECHJOAEMHDLAA.js@setcom.de>
Message-ID: <tjpttjpuyv.ttj@localhost.localdomain>
Lines: 20
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.1 (Cuyahoga Valley)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

"Jonas Sonntag" <js@setcom.de> writes:

> so...is it possible this way, or would it be far smarter to plug a third nic
> into the fbsd box only for bridging ?
> 
> thanks for any advice

I don't know if it's possible that way; I'm no expert.  But I've read
that it's foolish to put a public server (especially one with "soft" in
it's name) on the same side of your firewall as your private hosts.
You're supposed to assume that it will be cracked and treat it with as
much fear as any other host on the Internet.  The down side is that
after you add the third NIC, you'll need to create two, or probably
three, sets of firewall rules (LAN-Inet, DMZ-Inet, probably LAN-DMZ).

(I once did it with all public IP addresses and routing, but it should be
easier with NAT.  I wish I had tried it with bridging; it was easy for a
two-legged case, but I don't know for the three-legged case.  I suspect
I could have avoided my many routing problems (my 3-bit subnet could
only support two subsubnets while three were "required").)

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message