Date: Sun, 30 Jan 2000 01:23:54 -0500
From: Coleman Kane <cokane@one.net>
To: Doug White <dwhite@resnet.uoregon.edu>
Cc: William Woods <freebsd@cybcon.com>, freebsd-stable@FreeBSD.ORG
Subject: Re: FW: DSL natd rules....
Message-ID: <20000130012354.A86581@evil.2y.net>
In-Reply-To: <Pine.BSF.4.21.0001291239370.89930-100000@resnet.uoregon.edu>; from dwhite@resnet.uoregon.edu on Sat, Jan 29, 2000 at 03:49:01PM -0500
References: <XFMail.000129005832.freebsd@cybcon.com> <Pine.BSF.4.21.0001291239370.89930-100000@resnet.uoregon.edu>

Doug White had the audacity to say:
> On Sat, 29 Jan 2000, William Woods wrote:
>
> > Hmmm....
> >
> > Well I was planning on running NAT from the Cisco to the FreeBSD
> > router/gateway/firewall and then NATD on the router gateway to deliver to the
> > rest of the LAN. This is a bad thing I take it?
>
> 1) The extra overhead of double-processing packets
> 2) Setting up static NAT or redirected ports becomes a nightmare
> 3) You're limited by what the DSL modem can NAT; at least on FreeBSD you
>    have the source to hack :)
>

1) Depending on the speed of your DSL connection (I am guessing it's 1Mb at
most), the overhead will be negligible, as long as the NAT box is properly
outfitted for its purpose. I am guessing that you already planned for it.

2) This isn't necessarily a 'nightmare'; as long as you are using the right
tools, there isn't really that much trouble. Most protocols don't even need
static mappings now. If you are planning on running a server, why not use a
box outside of the firewall, and map with the Cisco? Opening holes in your
firewall is a security risk almost as bad as not having one at all.

3) If you are using a Cisco 675, you can get the manuals off Cisco's website.
Since you are actually using one IP from the router, the Cisco 675 can be
used in bridging mode rather than routing mode. Basically you can route all
traffic to the router directly to the firewall. You should be careful to use
the serial management cable in case you can't access the Cisco after this. The
Cisco 675s are rather versatile routers that have a lot of functionality
internally. Go to Cisco's site and read the CBOS manual to learn how to
configure it.

> > What would you recommend doing to get around this?
>
> Finding an ISP in your area that does bridged, or dropping NAT from the
> BSD box and letting the router take care of that.
>

In my experience and knowledge, the phone company's network does a lot of the
NAT and everything. Somewhere along the line your final output IP is bridged
with the ISP's IP to give to you. The NAT and routing is typically internal in
the phone company.

> I have a bridged DSL connection so I don't have this problem :)
>
> Doug White                    |  FreeBSD: The Power to Serve
> dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
>

--cokane