From: Chuck Swiger <cswiger@mac.com>
Date: Fri, 07 Apr 2006 12:56:03 -0400
To: Nick Stenning
Cc: freebsd-questions@freebsd.org
Subject: Re: NAT, VPN and other SOHO router advice
Message-ID: <443699A3.50504@mac.com>
References: <44358D8F.5050605@mac.com>

Nick Stenning wrote:
>> Given what you've said, you should set up the FreeBSD machine as a bridge
>> rather than a router.
>
> Having now read the manpage for bridge(4) and if_bridge(4), I am not
> certain that this is going to achieve what I want to achieve. I'm told
> by the FreeBSD HB that "The consensus is that assigning both cards an
> address is a bad idea."
>
> Since I want rl1 to have a public IP block and rl0 to have a private
> IP, I assume this isn't going to work. So, router it is.

In which case, your Vigor 2600's internal interface and your FreeBSD box
would need to be using public IPs, which means you can't use the Vigor to
do the NAT and VPN, which was also something you wanted.

> Now, for this VPN. I reckon my best bet is to run the PPTP client from
> the BSD box, no?

Yes. Have your ISP set up the Vigor's internal interface with a /30
subnet, or however many public IPs you've got, and then set up OpenVPN on
the FreeBSD box, or whatever other VPN/PPTP software you'd like...

-- 
-Chuck
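As an added example, not part of Chuck's or Nick's messages, here is one way the router layout suggested above could look on the FreeBSD box: rl1 on a public /30 shared with the Vigor's internal interface, rl0 on the private LAN, pf doing the NAT the Vigor can no longer do once its inside leg is public, and OpenVPN (the security/openvpn port) terminating the VPN on the FreeBSD box. All addresses are assumed and taken from the RFC 5737 documentation range; a /30 has only two usable addresses, so the Vigor's inside interface takes one and rl1 the other, and every LAN host sits behind NAT on rl1.

```conf
# --- /etc/rc.conf (assumed addressing: 203.0.113.0/30 is the public block) ---
# rl1: public /30 shared with the Vigor's internal interface.
#      Vigor inside = 203.0.113.1, FreeBSD rl1 = 203.0.113.2
ifconfig_rl1="inet 203.0.113.2 netmask 255.255.255.252"
# rl0: private LAN; the FreeBSD box is the LAN's default gateway
ifconfig_rl0="inet 192.168.1.1 netmask 255.255.255.0"
defaultrouter="203.0.113.1"
gateway_enable="YES"          # forward packets between rl0 and rl1
pf_enable="YES"
pf_rules="/etc/pf.conf"
openvpn_enable="YES"          # VPN terminates here, not on the Vigor
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"

# --- /etc/pf.conf ---
ext_if = "rl1"
int_if = "rl0"
lan    = "192.168.1.0/24"
set skip on lo0
scrub in all
# The Vigor no longer NATs, so the FreeBSD box translates the private LAN
# onto its own public address on rl1.
nat on $ext_if from $lan to any -> ($ext_if)
# Default deny inbound on the public side; let the LAN and the box itself out.
block in log on $ext_if all
pass out on $ext_if keep state
pass in on $int_if from $lan to any keep state
# Only the OpenVPN listener is exposed on the public side (1194/udp is OpenVPN's default).
pass in on $ext_if proto udp from any to ($ext_if) port 1194 keep state
```

The pf rules assume the FreeBSD box runs the OpenVPN server; if it is instead the client dialling out to a remote endpoint (as with the PPTP client Nick mentions), the inbound 1194/udp rule is unnecessary and the stateful `pass out` already covers the connection.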