Date: Thu, 19 Aug 1999 16:51:42 -0700 (PDT) From: Brian <bri@sonicboom.org> To: Langa Kentane <evablunted@earthling.net> Cc: salleek@hqasc.army.mil, Cisco <cisco@groupstudy.com>, FreeBSD <freebsd-questions@FreeBSD.ORG> Subject: Re: router and firewall question Message-ID: <Pine.BSF.4.10.9908191650080.47216-100000@adsl-216-102-203-44.dsl.snfc21.pacbell.net> In-Reply-To: <000001beea6f$f4a64780$0a01a8c0@sunshine.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
You can do port redirection with bsd as a firewall, redirecting port x of a public address to the same or different port of a private server. Check the freebsd-questions mailing list archive at www.freebsd.org. Actually, OpenBSD is slightly more secure. Bri On Thu, 19 Aug 1999, Langa Kentane wrote: > Now the other thing I would like to know is how I would go about is that if > I use a private network address of 192.168.1.0 and put up my all my servers > behind it ie: http server, ftp server, mail server (pop3 and smtp) and a dns > server, will I not have problems with that, coz I need the stuff of the > company to be able to connect to these from the internet and the other idea > is that I want them to dial into the C2511 if the don't have a net > connection. > > The others will work, I think, the http server and stuff by using the host > name instead of the ip but then how will the be able to use the dns server > since that uses an ip address instead of a host name? > > PLease help > > > Actually what you have below won't work. The router will think that hosts > > 1-62 are on the local e0 segment - depending on the subnet mask used. The > > firewall will create subnets on both the secure and unsecure side. To > make > > it work this is what I would do: > > > > R1: > > > > ip subnet-zero > > ! > > interface e0 > > ip address 192.168.25.1 255.255.255.252 > > > > Give the ISP the rest of the address space back and use private addresses > > for local hosts. The firewall should do the address translation for you. > > Keep in mind that if you are going to be putting hosts in the unsecure > side > > of the firewall you'll want to keep some registered addresses. > > > > > > Kenny Sallee > > Army Network Systems Operation Center > > Ft. Huachuca, AZ > > DSN: 879-8212 > > COM: 520-538-8212 > > HelpDesk: 1-800-305-3036 > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9908191650080.47216-100000>