Date: Sat, 12 Jul 2003 12:32:46 +1000 (EST)
From: keith@smmc.qld.edu.au
To: freebsd-questions@freebsd.org
Subject: Routing problem.. cisco -->fbsd-->Lan Experts??

Hi all,

I have a friend with a Cisco 827 ADSL router. It has config hassles, but when that is sorted we need to set up a FreeBSD box inside the Cisco router to handle a /29 block of IPs.

3 questions...

a) Should I assume the Cisco is not the world's greatest firewall and set up the FreeBSD machine as one (creating a DMZ)?

b) The /29 block is routed by the ISP to the Cisco device. I guess we need to place a static route on the Cisco gadget that directs any of the incoming /29 block requests onto the FreeBSD box... Correct?

c) Should I use IPNAT on the fbsd box and place all the /29 IPs on the NIC facing the Cisco and NAT to the internal private IPs of the servers inside the fbsd LAN? I know I don't have to, but if I do this would I have to config the fbsd as a router (routed or such)? I will make it the gateway for the internal LAN. Is that enough? I think it should be?

Ideas please. Here is the scheme... Will this work? Is it best?

Thanks heaps
Keith

                    ISP (165.228.233.1)
                            |
                     [ADSL Internet]
                            |
                    (165.228.233.190)
                     +CISCO ROUTER+  static route
                       (10.0.0.1)
                            |
                            |
  (10.0.0.2,203.228.44.xxx,203.228.44.zzz,203.228.44.zzz..etc)
                +FREEBSD Gateway firewall+
           ------------NAT/PAT-----------------
                     (192.168.1.1)
                       /        \
                      /          \
                     /            \
                    /              \
          (192.168.1.2)      (192.168.1.3) etc etc
           WWW server         OTHER server
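
The layout in the message above, written out as configuration. This is an added example, not part of the original message or a reply from the list; it uses IPFilter/ipnat as the message proposes. Assumptions: interface names fxp0/fxp1, a /30 on the Cisco link, the file paths shown, and 198.51.100.8/29 standing in for the 203.228.44.xxx block.

```conf
# --- Cisco 827 (IOS), for reference: route the /29 to the FreeBSD box ---
# ip route 198.51.100.8 255.255.255.248 10.0.0.2
# Because the block is routed to 10.0.0.2 rather than ARPed for, the
# FreeBSD box receives these packets without the /29 addresses being
# configured as aliases on fxp0; ipnat translates them on arrival.

# --- /etc/rc.conf on the FreeBSD gateway ---
ifconfig_fxp0="inet 10.0.0.2 netmask 255.255.255.252"    # faces the Cisco (assumed /30)
ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"   # faces the LAN
defaultrouter="10.0.0.1"
gateway_enable="YES"              # turns on IP forwarding; routed is not required
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"

# --- /etc/ipnat.rules ---
# One-to-one mappings for the published servers (stand-in public addresses).
bimap fxp0 192.168.1.2/32 -> 198.51.100.9/32     # WWW server
bimap fxp0 192.168.1.3/32 -> 198.51.100.10/32    # OTHER server
# Everything else on the LAN shares one address (PAT).
map fxp0 192.168.1.0/24 -> 198.51.100.14/32 portmap tcp/udp 20000:60000
map fxp0 192.168.1.0/24 -> 198.51.100.14/32

# --- /etc/ipf.rules ---
# Inbound NAT runs before filtering, so rules match the internal address.
block in quick on fxp0 from 192.168.0.0/16 to any        # spoofed LAN sources
block in log on fxp0 all                                  # default deny from outside
pass in quick on fxp0 proto tcp from any to 192.168.1.2/32 port = 80 flags S keep state
# Add one pass rule per service actually published on 192.168.1.3.
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
```

With a bimap in place a server is reachable on every port that the filter rules allow, so the default-deny line is what keeps the one-to-one mappings from exposing the hosts completely.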