Date: Thu, 12 Nov 1998 16:31:33 -0600 (CST)
From: Mike Jenkins <mjenkins@carp.gbr.epa.gov>
To: billf@chc-chimes.com, terry@dcomm.net
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: IP masqurading
Message-ID: <199811122231.QAA08023@carp.gbr.epa.gov>
In-Reply-To: <Pine.HPP.3.96.981112163041.968A-100000@hp9000.chc-chimes.com>

On Thu, 12 Nov 1998 Bill Fumerola <billf@chc-chimes.com> wrote:
>
> On Thu, 12 Nov 1998, Terry Ewing wrote:
>
> > People here are thinking of putting our co-located computers behind a
> > FreeBSD IPFW firewall. At the same time they were thinking of giving the
> > co-located servers 192.168.x.x IP's so they can be removed if we go through
> > renumbering. We'd just masquerade the real IP to the 192.168 IP in the
> > firewall.
> >
> > Can anyone arm me with a good reason why we shouldn't do this?
>
> Because giving (paying) colocated server internal IPs is degrading the
> QoS. Some UDP and other programs don't work with it.

If he used static NAT (many-to-many) (as he suggested in the last
sentence of paragraph 1) instead of IP Masquerade (many-to-one)
(as his subject line suggested) he should be ok. Of course, he
will have to use a split-DNS to keep the inside servers happy.

If the external addresses change (new provider?), he can change
the NAT table and the external DNS, but won't have to reconfigure
the internal hosts.

Mike

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
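
The distinction drawn in the message above, as an added illustration that is not part of the original thread: a toy Python model of static (one-to-one) NAT, many-to-one masquerade, split DNS and renumbering. Class and function names are hypothetical and every address is constructed (RFC 1918 inside, RFC 5737 documentation ranges outside).

```python
# Added illustration, not from the thread. All names and addresses are constructed.

class StaticNAT:
    """One public address per inside host; the mapping is fixed and stateless."""
    def __init__(self, table):
        self._load(table)

    def _load(self, table):
        self.out = dict(table)                                # inside -> public
        self.inn = {pub: ins for ins, pub in table.items()}   # public -> inside

    def outbound(self, src, sport):
        return self.out[src], sport          # only the address changes, port kept

    def inbound(self, dst, dport):
        inside = self.inn.get(dst)
        return (inside, dport) if inside else None   # unsolicited packets still arrive

    def renumber(self, new_table):
        """New provider: replace the table; inside hosts keep their addresses."""
        self._load(new_table)


class Masquerade:
    """All inside hosts share one public address; inbound needs prior state."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.state = {}                      # public port -> (inside ip, inside port)

    def outbound(self, src, sport):
        port, self.next_port = self.next_port, self.next_port + 1
        self.state[port] = (src, sport)      # source port is rewritten
        return self.public_ip, port

    def inbound(self, dst, dport):
        if dst != self.public_ip:
            return None
        return self.state.get(dport)         # None unless an inside host spoke first


def split_dns(name, client_is_inside, inside_zone, nat):
    """Inside clients get the private address, outside clients the mapped one."""
    inside_ip = inside_zone[name]
    return inside_ip if client_is_inside else nat.out[inside_ip]
```

In this model an unsolicited inbound packet reaches a server behind `StaticNAT` but returns `None` from `Masquerade.inbound`, and after `renumber()` only the outside answer from `split_dns` changes.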