Message-ID: <3D3EB869.AFCFB908@netsiel.it>
Date: Wed, 24 Jul 2002 16:23:37 +0200
From: fabrizio.fresco@netsiel.it
To: "Tobias P. Santos"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Firewall and DMZ
References: <3D3DAD4B.A6C6AEC@widesoft.com.br>

"Tobias P. Santos" wrote:
>
> Hello,
> I would like to implement a firewall to my DMZ network, but
> I am not sure about how to do it.
>
>               +----------+
>               | Internet |  123.456.789.254
>               +----------+
>                    |
>           +------------------+
>           | FreeBSD Firewall |  123.456.789.4
>           +------------------+
>                    |
>      +-------------+-----------+
>      |             |           |
>      |             |           |
>      |             |           |
> +----------+  +---------+  +--------+
> |   DNS    |  |   Web   |  | E-mail |
> |  Server  |  | Server  |  | Server |
> +----------+  +---------+  +--------+
> 123.456.789.1 123.456.789.2 123.456.789.3
>
> I know it is pretty easy to build ipfw rules when we have natd
> (for my internal network for example), but I haven't figured out how to
> forward packets between interfaces on the same network with valid IP
> addresses.
> In fact, I'd like to have the same behavior of Drawbridge
> (drawbridge.tamu.edu), but it seems somewhat deprecated.
> So, where should I start from? Is there a software to do that?
>
> If this is not the correct mailing list, please tell me the
> right one and sorry for the inconvenience.
> Thank you in advance,

Try to guess......
The easiest way is to create an alias on the firewall for the IPs of the real
servers and use the fwd action with ipfw to redirect the traffic that you want
to the real servers.
Hope this is clear and what you are asking.

>
> --
> Tobias P. Santos
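
The alias-plus-fwd approach suggested in the reply above, as an added example that is not part of the original message: a dry-run script that prints one ifconfig alias per public address, one ipfw fwd rule per permitted service, and a deny rule for everything else sent to an aliased address. The interface name, the 192.0.2.x and 10.0.0.x addresses, the ports and the rule numbers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). All values are constructed.
OUT_IF="fxp0"   # assumed name of the firewall's outside interface

# public_ip  real_server_ip  proto  port
# 192.0.2.0/24 is a documentation range standing in for the real addresses.
SERVICES="
192.0.2.1 10.0.0.1 udp 53
192.0.2.1 10.0.0.1 tcp 53
192.0.2.2 10.0.0.2 tcp 80
192.0.2.3 10.0.0.3 tcp 25
"

# Print the commands instead of executing them, so the ruleset can be
# reviewed before it is fed to sh on the firewall.
gen_rules() {
    seen=" "
    # Pass 1: one alias per public address, so the firewall owns that IP.
    while read -r pub real proto port; do
        [ -n "$pub" ] || continue
        case "$seen" in *" $pub "*) continue ;; esac
        seen="$seen$pub "
        echo "ifconfig $OUT_IF inet $pub netmask 255.255.255.255 alias"
    done <<EOF
$SERVICES
EOF
    # Pass 2: hand only the listed proto/port pairs to the real server.
    rule=1000
    while read -r pub real proto port; do
        [ -n "$pub" ] || continue
        echo "ipfw add $rule fwd $real $proto from any to $pub $port in via $OUT_IF"
        rule=$((rule + 10))
    done <<EOF
$SERVICES
EOF
    # Pass 3: anything else addressed to an aliased IP stops at the firewall.
    for pub in $seen; do
        echo "ipfw add $rule deny ip from any to $pub in via $OUT_IF"
        rule=$((rule + 10))
    done
}

gen_rules
```

The fwd action only changes the next hop and leaves the destination address untouched, so each real server must itself accept packets addressed to its public IP. Kernels of that era also need `options IPFIREWALL_FORWARD` for fwd rules to work.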