Date: Thu, 19 Aug 1999 20:05:57 -0000 From: salleek@hqasc.army.mil To: salleek@hqasc.army.mil, evablunted@earthling.net Cc: cisco@groupstudy.com, freebsd-questions@freebsd.org Subject: RE: router and firewall question Message-ID: <6D1C7F13995FD11181C108002BB48A1CCE705E@HQASCEXC5>
next in thread | raw e-mail | index | archive | help
I don't have direct experience with firewalls, but from what I've seen, the firewall software should do it for you. You can make a rule that any incoming requests to destination port 80 are forwarded to the actual IP of the web server for example. Not sure how the NAT side works from a firewall either. You should contact the vendor and get a rep to come out and help you install it. Sorry I can't help anymore. Kenny Sallee Army Network Systems Operation Center Ft. Huachuca, AZ DSN: 879-8212 COM: 520-538-8212 HelpDesk: 1-800-305-3036 > ---------- > From: Langa Kentane[SMTP:evablunted@earthling.net] > Sent: Thursday, August 19, 1999 10:39 AM > To: salleek@hqasc.army.mil > Cc: Cisco; FreeBSD > Subject: Re: router and firewall question > > Now the other thing I would like to know is how I would go about is that > if > I use a private network address of 192.168.1.0 and put up my all my > servers > behind it ie: http server, ftp server, mail server (pop3 and smtp) and a > dns > server, will I not have problems with that, coz I need the stuff of the > company to be able to connect to these from the internet and the other > idea > is that I want them to dial into the C2511 if the don't have a net > connection. > > The others will work, I think, the http server and stuff by using the host > name instead of the ip but then how will the be able to use the dns server > since that uses an ip address instead of a host name? > > PLease help > > > Actually what you have below won't work. The router will think that > hosts > > 1-62 are on the local e0 segment - depending on the subnet mask used. > The > > firewall will create subnets on both the secure and unsecure side. To > make > > it work this is what I would do: > > > > R1: > > > > ip subnet-zero > > ! > > interface e0 > > ip address 192.168.25.1 255.255.255.252 > > > > Give the ISP the rest of the address space back and use private > addresses > > for local hosts. The firewall should do the address translation for > you. > > Keep in mind that if you are going to be putting hosts in the unsecure > side > > of the firewall you'll want to keep some registered addresses. > > > > > > Kenny Sallee > > Army Network Systems Operation Center > > Ft. Huachuca, AZ > > DSN: 879-8212 > > COM: 520-538-8212 > > HelpDesk: 1-800-305-3036 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6D1C7F13995FD11181C108002BB48A1CCE705E>