From owner-freebsd-questions Thu Aug 17 10:32:40 2000 Delivered-To: freebsd-questions@freebsd.org Received: from greg.ad9.com (greg.ad9.com [209.233.225.5]) by hub.freebsd.org (Postfix) with ESMTP id 0279237BDB2 for ; Thu, 17 Aug 2000 10:32:15 -0700 (PDT) Received: from greg.ad9.com (nepolon@greg.ad9.com [209.233.225.5]) by greg.ad9.com (8.9.1a/8.9.1) with ESMTP id KAA04459; Thu, 17 Aug 2000 10:51:00 -0700 (PDT) Date: Thu, 17 Aug 2000 10:50:56 -0700 (PDT) From: Steve Lewis X-Sender: nepolon@greg.ad9.com To: cjclark@alum.mit.edu Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Q: network topologies, routing, TCP/IP In-Reply-To: <20000817004403.F28027@149.211.6.64.reflexcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu, 17 Aug 2000, Crist J . Clark wrote: > > 1) Bind 2 IPs to one interface. I have seen it done in Linux, but I can't > > find a way to do this with FreeBSD in the docs. How can I bind 1.2.3.5 to > > frontline's public interface in addition to it's current IP address? > > Read ifconfig(8), *SMACK* I overlooked that parameter completely. Thank you. > Anyway, I suggest using the 'redirect_address' feature of natd(8). Put > this other box behind the firewall with one of your RFC1918 numbers > and redirect 1.2.3.5 to that machine. I was planning to use redirect_port instead, because there is only a narrow list of ports on that bastion host that I want to be outwardly accessible (port 80 and a couple other web interfaces), but there are more services running on the box for the benefit of those inside the LAN (a RDBMS, source management, etc). I have used redirect_port successfully in the past. Any reason I shouldn't use it here? To review the topology: Internet - firewall dc0-1.2.3.4 dc1-192.168.0.1 - -> ---192.168.0.10 aka 1.2.3.5 - inner_wall ep0-192.168.0.254 ep1-a LAN IP - LAN --Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message