From owner-freebsd-questions Thu Aug 19 13: 7:14 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from hqascexc1.army.mil (HQASCEXC1.ARMY.MIL [138.27.190.15])
    by hub.freebsd.org (Postfix) with ESMTP id 4568C15007
    for ; Thu, 19 Aug 1999 13:06:44 -0700 (PDT)
    (envelope-from salleek@hqasc.army.mil)
Received: by hqascexc1.army.mil with Internet Mail Service (5.5.2650.10)
    id ; Thu, 19 Aug 1999 20:05:56 -0000
Message-ID: <6D1C7F13995FD11181C108002BB48A1CCE705E@HQASCEXC5>
From: salleek@hqasc.army.mil
To: salleek@hqasc.army.mil, evablunted@earthling.net
Cc: cisco@groupstudy.com, freebsd-questions@freebsd.org
Subject: RE: router and firewall question
Date: Thu, 19 Aug 1999 20:05:57 -0000
X-Mailer: Internet Mail Service (5.5.2650.10)
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I don't have direct experience with firewalls, but from what I've seen, the
firewall software should do it for you. You can make a rule that any
incoming requests to destination port 80 are forwarded to the actual IP of
the web server, for example. Not sure how the NAT side works from a firewall
either. You should contact the vendor and get a rep to come out and help
you install it. Sorry I can't help anymore.

Kenny Sallee
Army Network Systems Operation Center
Ft. Huachuca, AZ
DSN: 879-8212
COM: 520-538-8212
HelpDesk: 1-800-305-3036

> ----------
> From: Langa Kentane[SMTP:evablunted@earthling.net]
> Sent: Thursday, August 19, 1999 10:39 AM
> To: salleek@hqasc.army.mil
> Cc: Cisco; FreeBSD
> Subject: Re: router and firewall question
>
> Now the other thing I would like to know is how I would go about is that
> if I use a private network address of 192.168.1.0 and put up all my
> servers behind it, i.e. http server, ftp server, mail server (pop3 and
> smtp) and a dns server, will I not have problems with that, coz I need the
> staff of the company to be able to connect to these from the internet, and
> the other idea is that I want them to dial into the C2511 if they don't
> have a net connection.
>
> The others will work, I think, the http server and stuff, by using the
> host name instead of the ip, but then how will they be able to use the dns
> server since that uses an ip address instead of a host name?
>
> Please help
>
> > Actually what you have below won't work. The router will think that
> > hosts 1-62 are on the local e0 segment - depending on the subnet mask
> > used. The firewall will create subnets on both the secure and unsecure
> > side. To make it work this is what I would do:
> >
> > R1:
> >
> > ip subnet-zero
> > !
> > interface e0
> > ip address 192.168.25.1 255.255.255.252
> >
> > Give the ISP the rest of the address space back and use private
> > addresses for local hosts. The firewall should do the address
> > translation for you. Keep in mind that if you are going to be putting
> > hosts in the unsecure side of the firewall you'll want to keep some
> > registered addresses.
> >
> > Kenny Sallee
> > Army Network Systems Operation Center
> > Ft. Huachuca, AZ
> > DSN: 879-8212
> > COM: 520-538-8212
> > HelpDesk: 1-800-305-3036

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message