Date: Sun, 11 Feb 2001 21:24:13 -0600 (CST) From: Ryan Thompson <ryan@sasknow.com> To: phil grainger <phil@ozxpress.com.au> Cc: isp@FreeBSD.ORG Subject: Re: ip redirection Message-ID: <Pine.BSF.4.21.0102112116290.84942-100000@ren.sasknow.com> In-Reply-To: <5.0.2.1.2.20010211154104.02709190@freebsd.cnnet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
phil grainger wrote to isp@FreeBSD.ORG:
> hi,
> our isp recently got a satellite feed and i managed to get the squid
> talking via the sat ip's ...
>
> no i am wanting to use the satellite for incoming ftp and incoming napster
> traffic.
>
> our servers run a 203. (land line) and 209. (satellite) networks our
> clients use
> 203. ip's
>
> our clients gateway is a freebsd 3-stable machine although i can change that
> to a linux 2.2 box (of course i would prefer the freebsd solution!)
>
> the freebsd box is running ipnat and ipfw
I think you're making this more complicated than it should be. You can't
route specific ports with IP--you can only route subnets. (Imagine how
large routing tables would get if multiplexed by 64K possible port
addresses :-) If you don't want someone accessing FTP over the land line
("203."), simply block incoming FTP connections on that subnet in your
packet filter for that subnet, or just don't bind the FTP daemon to an
address on that network. Same applies to Napster. Then, just configure
forward DNS to resolve the hostname to the sattelite (209.) IPs, so your
users won't have to know the difference.
Maybe you could configure your gateway to forward incoming FTP packets
between the subnets, but that still won't stop people from connecting over
the landline subnet, and I think you'd be hard pressed to send a reply
BACK from one IP address when the client expects it on another. :-)
> has anyone got any advice on how to manage this
>
>
> thanks,
>
> Phil Grainger
> ----------------------------------------------------------
> ozxpress.com.au User Support Services
> http://ozxpress.com.au
> ----------------------------------------------------------
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
>
--
Ryan Thompson <ryan@sasknow.com>
Network Administrator, Accounts
SaskNow Technologies - http://www.sasknow.com
#106-380 3120 8th St E - Saskatoon, SK - S7H 0W2
Tel: 306-664-3600 Fax: 306-664-1161 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0102112116290.84942-100000>