From owner-freebsd-questions Thu Aug 19 16:53:16 1999 Delivered-To: freebsd-questions@freebsd.org Received: from adsl-216-102-203-44.dsl.snfc21.pacbell.net (adsl-216-102-203-44.dsl.snfc21.pacbell.net [216.102.203.44]) by hub.freebsd.org (Postfix) with ESMTP id 4632E14E1F for ; Thu, 19 Aug 1999 16:53:12 -0700 (PDT) (envelope-from bri@sonicboom.org) Received: from localhost (bri@localhost) by adsl-216-102-203-44.dsl.snfc21.pacbell.net (8.9.3/8.9.3) with ESMTP id QAA47221; Thu, 19 Aug 1999 16:51:42 -0700 (PDT) (envelope-from bri@sonicboom.org) Date: Thu, 19 Aug 1999 16:51:42 -0700 (PDT) From: Brian X-Sender: bri@adsl-216-102-203-44.dsl.snfc21.pacbell.net To: Langa Kentane Cc: salleek@hqasc.army.mil, Cisco , FreeBSD Subject: Re: router and firewall question In-Reply-To: <000001beea6f$f4a64780$0a01a8c0@sunshine.co.za> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG You can do port redirection with bsd as a firewall, redirecting port x of a public address to the same or different port of a private server. Check the freebsd-questions mailing list archive at www.freebsd.org. Actually, OpenBSD is slightly more secure. Bri On Thu, 19 Aug 1999, Langa Kentane wrote: > Now the other thing I would like to know is how I would go about is that if > I use a private network address of 192.168.1.0 and put up my all my servers > behind it ie: http server, ftp server, mail server (pop3 and smtp) and a dns > server, will I not have problems with that, coz I need the stuff of the > company to be able to connect to these from the internet and the other idea > is that I want them to dial into the C2511 if the don't have a net > connection. > > The others will work, I think, the http server and stuff by using the host > name instead of the ip but then how will the be able to use the dns server > since that uses an ip address instead of a host name? > > PLease help > > > Actually what you have below won't work. The router will think that hosts > > 1-62 are on the local e0 segment - depending on the subnet mask used. The > > firewall will create subnets on both the secure and unsecure side. To > make > > it work this is what I would do: > > > > R1: > > > > ip subnet-zero > > ! > > interface e0 > > ip address 192.168.25.1 255.255.255.252 > > > > Give the ISP the rest of the address space back and use private addresses > > for local hosts. The firewall should do the address translation for you. > > Keep in mind that if you are going to be putting hosts in the unsecure > side > > of the firewall you'll want to keep some registered addresses. > > > > > > Kenny Sallee > > Army Network Systems Operation Center > > Ft. Huachuca, AZ > > DSN: 879-8212 > > COM: 520-538-8212 > > HelpDesk: 1-800-305-3036 > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message