From: "Murray Taylor"
Subject: Firewall and mpd
Date: Tue, 12 Mar 2002 16:07:51 +1100
Organization: Bytecraft Systems

(hopefully this is not too mangled by M$.
It should display ok in fixed width fonts)

Proposed firewall structure

We are proposing to augment our firewalling as follows, and I would like
advice on how to (re)setup our MPD installation.

I see two options:

(a) put MPD on the bastion host and allow the GRE packets through to it
    via the RED network, and then allow the authenticated TCP packets
    from it through to the GREEN network.

(b) place a GIF tunnel on the bastion host and forward the GRE packets on
    towards the GREEN network that way.

I have never used gif yet and am looking to those who have been here
before as to the most appropriate method.

                                                 INTERNET
                                                     |   GRE
                                                     |  (pptp)
                                                     |    |
                                                     |    |
                                                     v    |
                                                   a...1
         +---------------------+         +-----------------------+
         |                     |         |                       |
         |    Bastion host     |         |     Access Router     |
         |                     |         |                       |
         |                     |         |                       |
         |  MPD or gif tunnel  |         |                       |
         |          ?          |         |                       |
         +---------------------+         +-----------------------+
                    | x...1                          | x...126
              TCP   |    ^ GRE                       |
               |    |    |                           |    |
               v    |   GRE        <-GRE             v    |
RED    =============================================================
                    TCP->      TCP   |
                                |    |
                                v    |
                                     | x...32
                         +-----------------------+
                         |                       |
                         |     Choke router      |
                         |                       |
                         |                       |
                         |   MPD here if gif?    |
                         |                       |
                         +-----------------------+
                                     | y...32
                                     |
                                     |
GREEN  =============================================================

Murray Taylor
--
Special Projects Engineer
Bytecraft Systems P/L
+61 3 8710 2555 phone
+61 3 8710 2599 fax
www.bytecraftsystems.com
www.bytecraftentertainment.com