From: Andreas Herrmann
Date: Fri, 18 Aug 2006 17:51:23 +0200
To: freebsd-questions@freebsd.org
Subject: Routing into private subnet

Hi there,

I want to set up a gateway /
firewall solution with current FreeBSD. The network has the following structure:

Several hosts (host[1,...,x].domain.net) are defined within the DNS and all of them have the same A-Record with the IP 1.2.3.4.

The gateway is listening on its external network interface with the IP 1.2.3.4 and has an internal interface with a private subnet (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this subnet.

How can it be solved, that the gateway opens a tunnel to the special host in the private subnet (let's say 192.168.0.3) if there is a query for host3.domain.net?

In my opinion this cannot be done because the client queries the DNS and simply opens the connection to the IP 1.2.3.4 and the gateway has no hints how to decide to which internal host the tunnel should be opened. But this setup is possible because Microsoft ISA Server does exactly this job?

I have no idea how to solve this. First idea was a kernel bridge between the interfaces.

Do you have any hints for me?

Thanks a lot!

Andreas