Date: Sat, 12 Jul 2003 14:02:59 +1000 (EST)
From: <keith@smmc.qld.edu.au>
To: <steven@mg2.org>
Cc: Free bsd <freebsd-questions@FreeBSD.org>
Subject: Re: Routing problem.. cisco -->fbsd-->Lan Experts??
Message-ID: <1273.203.221.19.86.1057982579.squirrel@localhost.smmc.qld.edu.au>
In-Reply-To: <3F0F7A6F.8090206@mg2.org>
References: <1074.203.221.19.86.1057977166.squirrel@localhost.smmc.qld.edu.au> <3F0F7A6F.8090206@mg2.org>

Hi and thanks,

Cool! I am OK with the fbsd stuff ipfilter ipnat etc. I agree it is nice.
The small matter of the cisco thing...hmmm!

OK...so would it be ok to ask another question or 2 later if today is bad?
I need to know how to "bridge" the /29 on the cisco. Does it mean I simply
install static routing on the cisco by doing something like...

ip classless (default)
ip route 203.44.288.0 255.255.255.248 ethernet0 10.0.0.2
no ip http server (default)

(NOTE: 10.0.0.2 is the ip of the fbsd box, 10.0.0.1 is the ethernet0 ip of
cisco router)

I have read the cisco docs but it is slightly foreign language to me. I
would greatly appreciate it. My balls are now on the line here. I should
never volunteer to help!? Am I close?

Keith

> keith@smmc.qld.edu.au wrote:
>
>>I have a friend with a cisco 827 adsl router. It has config hassles but
>> when that is sorted, we need to setup a freebsd box inside the cisco
>> router to handle a /29 block of ips. 3 questions...
>>
> I'm running an identical setup here - a Cisco 827, a /29, and a FreeBSD
> machine (or two) performing NAT for my LAN.
>
>>a) Should I assume the cisco is not the world's greatest firewall and
>> setup the freebsd machine as one (creating a dmz)
>>
> The Cisco will be "adequate," but I prefer the ease of use and added
> functions a FreeBSD machine running IP Filter/IPNAT, but that's just me.
>
>>b) The /29 block is routed by the ISP to the cisco device. I guess we
>> need to place a static route on the cisco gadget that directs any of
>> the incoming /29 block request onto the freebsd box...Correct?
>>
> I have my 827 set up as a very basic bridge. This means that instead of
> the /29 "terminating," so to speak, on the 827, each of my allocated IP
> addresses is available directly on an ethernet interface on one of two
> FreeBSD machines.
>
> As a partial answer to part C, if you bridge the /29 to the FreeBSD
> machine, you can easily configure IPF and IPNAT to port-forward to
> various internet servers as required. Personally, the machine I have
> performing NAT (with my /29 on one interface and a private /24 on the
> other) for my internal network also runs various services. It's not an
> ideal setup, but it is functional and easy to maintain.
>
> Sorry I can't answer the rest of your questions, my brain is still
> enjoying the aftereffects of a big Friday night :)
>
> --Steven
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

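
An added example, not part of the original thread and not either poster's configuration: a minimal IP Filter / IPNAT rule set for the layout described in the quoted reply (public /29 on one interface, private /24 on the other, one port-forward). The interface names fxp0/fxp1, the documentation range 203.0.113.0/29, the LAN 192.168.1.0/24 and the web server 192.168.1.10 are all assumptions chosen for illustration.

```conf
# ---- /etc/ipnat.rules (constructed example) ----
# fxp0 = outside interface holding the /29, fxp1 = inside LAN (assumed names)

# Outbound NAT for the private /24, TCP/UDP with port remapping first,
# then a catch-all for other protocols such as ICMP.
map fxp0 192.168.1.0/24 -> 203.0.113.2/32 portmap tcp/udp auto
map fxp0 192.168.1.0/24 -> 203.0.113.2/32

# Port-forward: one public address of the /29, port 80, to an inside host.
rdr fxp0 203.0.113.3/32 port 80 -> 192.168.1.10 port 80 tcp

# ---- /etc/ipf.rules (constructed example) ----
# Default deny on the outside interface, with logging so drops are visible.
block in log on fxp0 all

# Drop packets arriving from outside that claim inside or loopback sources.
block in quick on fxp0 from 192.168.1.0/24 to any
block in quick on fxp0 from 127.0.0.0/8 to any

# Inbound packets are translated by ipnat before ipf filters them, so the
# pass rule for the port-forward must match the INSIDE address, not the
# public one. Only the forwarded service is opened.
pass in quick on fxp0 proto tcp from any to 192.168.1.10/32 port = 80 flags S keep state

# Stateful outbound traffic; replies are admitted by the state table.
pass out quick on fxp0 proto tcp from any to any flags S keep state
pass out quick on fxp0 proto udp from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# Trust the inside interface and loopback.
pass in quick on fxp1 all
pass out quick on fxp1 all
pass in quick on lo0 all
pass out quick on lo0 all
```

Both files can be syntax-checked without loading them using `ipf -n -f /etc/ipf.rules` and `ipnat -n -f /etc/ipnat.rules`.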
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1273.203.221.19.86.1057982579.squirrel>