From owner-freebsd-stable Wed Jun 14 14:53:59 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from indigo.dreamfire.net (indigo.dreamfire.net [207.113.154.29])
	by hub.freebsd.org (Postfix) with ESMTP id CFA7537B692
	for ; Wed, 14 Jun 2000 14:53:48 -0700 (PDT)
	(envelope-from sean@dreamfire.net)
Received: from valiant.dreamfire.net (valiant [24.11.227.21])
	by indigo.dreamfire.net (Postfix) with ESMTP id 8E5AA9456
	for ; Wed, 14 Jun 2000 14:53:38 -0700 (PDT)
Received: by valiant.dreamfire.net (Postfix, from userid 1000)
	id 6BC9EE88EA; Wed, 14 Jun 2000 14:52:19 -0700 (PDT)
Date: Wed, 14 Jun 2000 14:52:19 -0700
From: Sean-Paul Rees
To: stable@freebsd.org
Subject: Advanced Router
Message-ID: <20000614145219.A88415@seanrees.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I'm a part of the network administration team at a local ISP. We're a
non-profit group that provides internet access to a couple of media
labs, our internet subscribers, and our servers.

Over the last few months, we've noticed a lot of our network slow down.
Part of it is attributed to a constantly growing network that could use
a bit of a clean up. Also, we've been subjected to a small share of DoS
attacks.

We want to put our media labs on private address space to conserve our
routable address space. We also want a small firewall to filter out some
of the garbage that goes through, and to block certain services from
untrusted sources.

I'm planning to recommend a FreeBSD box to handle this task. We're
non-profit and we don't have a ton to spend, and I love FreeBSD a lot :-)

The media labs have quite a few Macintosh computers. For that, we have a
set of servers that double as AppleShare services. We also have a box
that handles NetBoot and QuickTime Streaming.

What I want to do is sit the FreeBSD box in the middle, so to speak.

                   [T1 - CRL]
                       |
                [FreeBSD Router]
           ___________|  |___________
           |                        |
    [ Our Servers ]        [ Media Labs NAT ]
      (x.x.x.x/24)          (192.168.0.0/24)

We need the media labs to talk AppleShare to our servers. So, we need
the FreeBSD box to be able to alias those packets. I don't foresee
NetBoot being able to be aliasable, so we'd probably stick the NetBoot
server into the private address space. So, since it's running out
QuickTime Streaming as well, we'd need to forward those packets.

Is what I have here feasible? Ideas would be appreciated. I'd like to
present them an irrefusable plan :-)

Thanks! :)

Cheers,
Sean-Paul Rees
sean@seanrees.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message