From owner-freebsd-isp  Mon Feb 24 16:51:41 2003
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5620937B401
	for <freebsd-isp@freebsd.org>; Mon, 24 Feb 2003 16:51:40 -0800 (PST)
Received: from mail.nortenet.pt (mar.nortenet.pt [212.13.32.243])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BBD4943F93
	for <freebsd-isp@freebsd.org>; Mon, 24 Feb 2003 16:51:38 -0800 (PST)
	(envelope-from guilherme@nortenet.pt)
Received: from parpa (v1-pppS18.nortenet.pt [212.13.32.18])
	by mail.nortenet.pt (8.11.1/8.11.1) with SMTP id h1ONnSC28912
	for <freebsd-isp@freebsd.org>; Tue, 25 Feb 2003 00:49:29 +0100
Date: Tue, 25 Feb 2003 00:56:36 +0000
From: "Guilherme J. R. Oliveira" <guilherme@nortenet.pt>
To: freebsd-isp@freebsd.org
Subject: firewall/nat Web Hosting architecture
Message-Id: <20030225005636.4de408d9.guilherme@nortenet.pt>
Organization: host-valley.com
X-Mailer: Sylpheed version 0.8.6 (GTK+ 1.2.10; i386-portbld-freebsd4.6.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org


Hi !

I need to create a network serving virtual web hosting (which I'll have 2 public ip's) with these servers: apache, iis, bind, ftpd, sendmail and pop3.
It's possible to put all these servers (including the dns) behind a freebsd firewall/nat with 2 nics and 2 switchs to divide 2 networks ?


Example:

		          internet
			      |
		           router
   			      |
	       	         firewall&nat
                              |
desktop1 -- switch --         |           -- switch -- bind,apache,ftpd
desktop2 --		  	                    -- sendmail,pop3,secondary_bind
						    -- iis,ftpd


I think it's possible using -redirect_port and -redirect_address but I shock with 2 (or more) problems:

- if the public ip's adress's will be served with bind then it must be installed in the same box as firewall&nat. True ? But I wish that bind stays behind the firewall.
- I have only 2 public ip's that must be assigned (i think) to bind and secondary_bind. How can I acess to iis and/or apache server independently from internet ?



Thanks.

-- 
mailto:guilherme@nortenet.pt || http://guilherme.host-valley.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message