From owner-freebsd-questions Sun Jun 11 22:38:48 2000
Date: Mon, 12 Jun 2000 01:36:57 -0400
From: Ben Williams
Organization: Williams Enterprises
Message-ID: <567.000612@home.com>
To: cjclark@alum.mit.edu
Cc: freebsd-questions@freebsd.org
Subject: Re[2]: UPGRADE 2.2.8 to 4.0R
In-Reply-To: <20000610141556.I1197@dialin-client.earthlink.net>
References: <20000610141556.I1197@dialin-client.earthlink.net>

Quoting Crist J. Clark Monday, June 12, 2000

> On Sat, Jun 10, 2000 at 01:55:23PM -0700, Everett F Batey wrote:
>> /snip/
>> Ideas about running IPFW and NATD on web/mail server ? Still a
>> recompile ?

> Ideas about running ipfw(8) and NAT on a web/mail server:

> - If there is no firewall somewhere else between this machine and
> the Internet, then ipfw is a very good idea.

> - Unless the machine is also a gateway, it should not need NAT.

> - If the machine is to be a gateway-NAT box for a protected network
> of any size, it should probably be held to a higher security standard
> (i.e. cut bare-bones and running as few potentially exploitable
> daemons as possible). Put mail and web on a different machine than
> that doing the NAT and firewalling.

Along these lines I'd like to ask if a "triple-homed routing bridge" (i.e.
3 NICs, 2 of which are connected to ISPs and one to the "internal" LAN)
is conceivable or even feasible. If I have my terminology right, a "bridge"
connects multiple networks with optionally (preferably for me) a firewall
in place that does not decrement the TTL of a packet since none of the
NICs on the bridge have IPs. Would a FreeBSD 3.4R box be capable of
this kind of setup? This is -almost- the networking question I asked several
days ago but I didn't get much input then .. hope to hear from you soon!

--Ben Williams
mailto:received@email dot com