From owner-freebsd-stable Sat Jan 29 22:37:27 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from mail.cybcon.com (mail.cybcon.com [216.190.188.5]) by hub.freebsd.org (Postfix) with ESMTP id 1DFB6151F5 for ; Sat, 29 Jan 2000 22:37:24 -0800 (PST) (envelope-from freebsd@cybcon.com)
Received: from laptop.cybcon.com (william@usr1-20.cybcon.com [205.147.75.21]) by mail.cybcon.com (8.9.3/8.9.3) with ESMTP id WAA29678; Sat, 29 Jan 2000 22:37:37 -0800 (PST)
Message-ID:
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20000130012354.A86581@evil.2y.net>
Date: Sat, 29 Jan 2000 22:32:46 -0800 (PST)
From: William Woods
To: Coleman Kane
Subject: Re: FW: DSL natd rules....
Cc: freebsd-stable@FreeBSD.ORG, Doug White
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, USWEST says the 675 needs to be in PPP mode and not bridged. I have the 675's manuals and have been reading them. Like I said, I have NAT from the 675 to the router/gateway (not running a server) and on the gateway/router I am using ipfw and natd to the internal LAN. Is this not a viable solution?

On 30-Jan-00 Coleman Kane wrote:
> Doug White had the audacity to say:
>> On Sat, 29 Jan 2000, William Woods wrote:
>>
>> > Hmmm....
>> >
>> > Well I was planning on running NAT from the cisco to the FreeBSD
>> > router/gateway/firewall and then NATD on the router gateway to deliver to the
>> > rest of the LAN. This is a bad thing I take it?
>>
>> 1) The extra overhead of double-processing packets
>> 2) Setting up static NAT or redirected ports becomes a nightmare
>> 3) You're limited by what the DSL modem can NAT; at least on FreeBSD you
>> have the source to hack :)
>>
>
> 1) Depending on the speed of your DSL connection (I am guessing it's 1Mb at
> most), the overhead will be negligible, as long as the NAT box is properly
> outfitted for its purpose. I am guessing that you already planned for it.
> 2) This isn't necessarily a 'nightmare' as long as you are using the right tools;
> there isn't really that much trouble. Most protocols don't even need static
> mappings now. If you are planning on running a server, why not use a box
> outside of the firewall, and map with the cisco. Opening holes in your
> firewall is a security risk almost as bad as not having one at all.
> 3) If you are using a cisco 675, you can get the manuals off cisco's website.
> Since you are actually using one IP from the router, the cisco 675 can be
> used in bridging mode rather than routing mode. Basically you can route all
> traffic to the router directly to the firewall. You should be careful to use
> the serial management cable in case you can't access the cisco after this. The
> cisco 675's are rather versatile routers that have a lot of functionality
> internally. Go to cisco's site and read the CBOS manual to learn how to
> configure it.
>
>> > What would you recommend doing to get around this?
>>
>> Finding an ISP in your area that does bridged, or dropping NAT from the
>> BSD box and letting the router take care of that.
>>
>
> In my experience and knowledge, the phone company's network does a lot of the
> NAT and everything. Somewhere along the line your final output IP is bridged
> with the ISP's IP to give to you. The NAT and routing is typically internal in
> the phone company.
>
>> I have a bridged DSL connection so I don't have this problem :)
>>
>> Doug White | FreeBSD: The Power to Serve
>> dwhite@resnet.uoregon.edu | www.FreeBSD.org
>>
>
> --cokane

----------------------------------
E-Mail: William Woods
Date: 29-Jan-00
Time: 22:30:44

This message was sent by XFMail
----------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
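For reference, a minimal FreeBSD-side setup of the kind the thread discusses (ipfw plus natd on the gateway/router behind the 675, with exactly one port opened, the "hole" Coleman warns about, declared in natd rather than scattered through the ruleset). This is an added illustration, not configuration from any poster; the interface names ed0 (DSL side) and ed1 (LAN side), the 192.168.1.0/24 LAN and the web server at 192.168.1.10 are assumed values.

```sh
# /etc/rc.conf (constructed example) -- forwarding, firewall and natd
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"        # rc.firewall loads this file with ipfw(8)
natd_enable="YES"
natd_interface="ed0"                   # assumed: interface facing the 675
# The only inbound mapping; remove the -redirect_port if no server is run
natd_flags="-dynamic -same_ports -redirect_port tcp 192.168.1.10:80 80"

# /etc/ipfw.rules (constructed example) -- one ipfw command per line, no "ipfw" prefix.
# rc.firewall flushes the old rules before loading this file.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
# Anti-spoofing: nothing arriving from the DSL side may claim a LAN source address
add 300 deny log ip from 192.168.1.0/24 to any in via ed0
# Hand every packet crossing the DSL interface to natd; processing resumes at rule 500
add 400 divert natd ip from any to any via ed0
# Replies to the gateway's own TCP sessions (destination is still the public address)
add 500 allow tcp from any to any established
# After translation, outbound packets carry the public source address
add 600 allow ip from any to any out via ed0
# Inbound packets that natd recognised now carry a LAN destination:
# return traffic for LAN-initiated sessions plus the single redirected port.
# Unrecognised packets keep the public destination and fall through to the deny.
add 700 allow ip from any to 192.168.1.0/24 in via ed0
add 800 allow icmp from any to any icmptypes 0,3,11
# LAN side is trusted
add 900 allow ip from any to any via ed1
add 65000 deny log ip from any to any
```

Note that double NAT (the 675 also translating) means the same port must additionally be mapped on the 675 to the gateway's address, which is the bookkeeping Doug's point 2 refers to.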