Date:      Sat, 12 Jul 2003 12:33:11 +0930
From:      Steven Wiltshire <steven@mg2.org>
To:        keith@smmc.qld.edu.au
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Routing problem.. cisco -->fbsd-->Lan Experts??
Message-ID:  <3F0F7A6F.8090206@mg2.org>
In-Reply-To: <1074.203.221.19.86.1057977166.squirrel@localhost.smmc.qld.edu.au>
References:  <1074.203.221.19.86.1057977166.squirrel@localhost.smmc.qld.edu.au>

keith@smmc.qld.edu.au wrote:

>I have a friend with a Cisco 827 ADSL router. It has config hassles but
>when that is sorted, we need to set up a FreeBSD box inside the Cisco
>router to handle a /29 block of IPs. 3 questions...
>
I'm running an identical setup here - a Cisco 827, a /29, and a FreeBSD 
machine (or two) performing NAT for my LAN.

>a) Should I assume the Cisco is not the world's greatest firewall and set up
>the FreeBSD machine as one (creating a DMZ)?
>
The Cisco will be "adequate," but I prefer the ease of use and added
functions of a FreeBSD machine running IP Filter/IPNAT, but that's just me.

>b) The /29 block is routed by the ISP to the Cisco device. I guess we
>need to place a static route on the Cisco gadget that directs any of the
>incoming /29 block requests on to the FreeBSD box... Correct?
>
I have my 827 set up as a very basic bridge. This means that instead of
the /29 "terminating," so to speak, on the 827, each of my allocated IP
addresses is available directly on an Ethernet interface on one of two
FreeBSD machines.

As a partial answer to part C, if you bridge the /29 to the FreeBSD 
machine, you can easily configure IPF and IPNAT to port-forward to 
various internet servers as required. Personally, the machine I have 
performing NAT (with my /29 on one interface and a private /24 on the 
other) for my internal network also runs various services. It's not an 
ideal setup, but it is functional and easy to maintain.

Sorry I can't answer the rest of your questions; my brain is still
enjoying the aftereffects of a big Friday night :)

--Steven
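
A sketch of the bridged /29 plus IP Filter/IPNAT arrangement described in this message, added here as an example and not taken from the poster's own configuration. The interface names (fxp0 outside, fxp1 inside), the 203.0.113.0/29 documentation block, the file paths and the internal hosts are all assumptions.

```conf
# --- /etc/rc.conf (fragment) ---
gateway_enable="YES"                 # forward packets between fxp0 and fxp1
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipnat_enable="YES"
ipnat_rules="/etc/ipnat.rules"
ifconfig_fxp0="inet 203.0.113.2 netmask 255.255.255.248"    # public /29 side
ifconfig_fxp0_alias0="inet 203.0.113.3 netmask 255.255.255.255"  # extra /29 address to forward
ifconfig_fxp1="inet 192.168.1.1 netmask 255.255.255.0"      # private /24 side

# --- /etc/ipnat.rules ---
# Outbound NAT for the private /24 behind one public address.
map fxp0 192.168.1.0/24 -> 203.0.113.2/32 portmap tcp/udp 40000:60000
map fxp0 192.168.1.0/24 -> 203.0.113.2/32
# Port-forward a second /29 address to an internal web server.
rdr fxp0 203.0.113.3/32 port 80 -> 192.168.1.10 port 80 tcp

# --- /etc/ipf.rules ---
# Inbound packets are translated by rdr before filtering, so the pass
# rule below matches the internal (post-rdr) destination address.
# Default for the outside interface: drop and log anything not passed below.
block in log on fxp0 all
# Private source addresses must never arrive from the outside.
block in log quick on fxp0 from 192.168.0.0/16 to any
block in log quick on fxp0 from 10.0.0.0/8 to any
# Only the forwarded service is reachable from the Internet.
pass in quick on fxp0 proto tcp from any to 192.168.1.10/32 port = 80 flags S keep state
# Outbound traffic is stateful so replies are allowed back in.
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state
# Inside interface: accept only the LAN's own address range.
pass in quick on fxp1 from 192.168.1.0/24 to any
block in log quick on fxp1 all
pass out quick on fxp1 all
pass in quick on lo0 all
pass out quick on lo0 all
```

Because the NAT machine in this layout also sits directly on the public /29, any service it runs locally is exposed unless a matching `block`/`pass` rule on fxp0 says otherwise.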


