Date: Wed, 16 Aug 2000 15:38:18 -0700 (PDT)
From: Steve Lewis <nepolon@systray.com>
To: freebsd-questions@FreeBSD.ORG
Subject: Q: network topologies, routing, TCP/IP
Message-ID: <Pine.BSF.4.05.10008161511430.1822-100000@greg.ad9.com>
I'm having difficulty figuring out how to tell FreeBSD to do what I am trying to do here...

I have a firewall running 4.0 RELEASE, let's say the public interface is at 1.2.3.4 with the DNS name of frontline.domain.org (it's not, obviously), and the private interface is 192.168.0.1. This is the front barrier in the topology, the private interface connects to the DMZ.

I have a bastion host (a 'development' server) of sorts sitting in the DMZ (192.168.0.10 in this example). The DMZ also contains another firewall (192.168.0.254 with no DNS name for instance).

All of this works beautifully at this point. No problems.

We have two IP addresses available, only one of which is currently in use (1.2.3.4 as above, and 1.2.3.5 is still available). The second IP resolves by DNS to the name of the bastion host (basthost.domain.org), and I can use NATD & IPFW to pass traffic on allowed ports to basthost (I know how, anticipate no problem there).

The problem is this: I need to have traffic destined to 1.2.3.5 to be routed through 1.2.3.4 (frontline). How can I do this?

I can think of a few ways it may be possible:

1) Bind 2 IPs to one interface. I have seen it done in Linux, but I can't find a way to do this with FreeBSD in the docs. How can I bind 1.2.3.5 to frontline's public interface in addition to its current IP address?

2) Will I need to resort to using a routing package (routed, gated, etc.) to do this? I want to avoid running such a package on the firewall for reasons which should be easy to discern.

3) Will I need to have my upstream provider adjust routing for 1.2.3.5 at their end? If so, is this in combination with #2 above?

--Steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message