Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Jun 2004 13:58:36 -0600
From:      Jose Hidalgo Herrera <jose@hostarica.com>
To:        Fangorn <fangorn@o2.pl>
Cc:        jose@hostarica.com
Subject:   Re: Multiple_External_IPs+IPFW+arp_proxy+Dummynet+natd_etc
Message-ID:  <1087415916.87203.9.camel@jose.hostarica.net>
In-Reply-To: <1087389772.641.20.camel@desk.myroom.pl>
References:  <1087389772.641.20.camel@desk.myroom.pl>
index | next in thread | previous in thread | raw e-mail 

[-- Attachment #1 --]
On Wed, 2004-06-16 at 06:42, Fangorn wrote:

> Hello!
> 
> FreeBSD 5.2.1, IPFW(2 of course), 1 ext_if, 2 int_ifs, P200MMX, 96MB,
> HDD 2GB
> I have recently set up a router serving and shaping a small network
> +/-20 clients (mostly wireless, but that's not important, as the AP does
> the job).
> 
> I do a static ARP, I have quite a simple firewall, of course natd is up
> and running fine. Some pipes and queues pretend to share the traffic
> fairly :). Now my concern is:
> 
> 1. What is the best way to assign an external IP (I have 4 available) to
> a LAN client machine?
> 2. How (if at all) it affects traffic shaping?


you can: 
    1) use the other interface for the DMZ ( but you lose 1 ip for the
router's interface)
    2) forward traffic sent to the public ips to private ips
        ej. 
            ipfw add fwd privateip,80 tcp from any to publicip 80 setup
keep-state

You have the same bandwidth, unless you buy more!


> 
> I would be greatful for a bunch of ideas and eternally greatful for
> examples of working scripts/firewall rules etc. 
> 
> Disclaimer: Yes, I did a google research, and found nothing that would
> cover the afformentioned problem. :-) At least nothing else than 'Well,
> you might try this ports thingy, but I don't really know if it helps.'
> ;-D
> 
> PS: (or BTW) Maybe someone also has a solution to a problem of sharing
> two external connections in a reasonable way in such a network? Of
> course load-balancing would be desirable, but any working examples are
> welcome.
> 
> Thank You for Your patience.


--
Hi! I'm a .signature virus! 
Copy me into your ~/.signature to help me spread!

Jose Hidalgo
PGP: 15524480
jose at hostarica.com


[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQBA0KZsMb674RVSRIARAtV3AKCPmHPH+xuAYNd3IF3W+O4ThEKXngCfexpu
w8OwP1dPU0pMTqs2Gpd05hM=
=m/K/
-----END PGP SIGNATURE-----
help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1087415916.87203.9.camel>