From owner-freebsd-isp  Tue Nov 13  9:28:45 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from web20106.mail.yahoo.com (web20106.mail.yahoo.com [216.136.226.43])
	by hub.freebsd.org (Postfix) with SMTP id 60BBB37B419
	for <freebsd-isp@freebsd.org>; Tue, 13 Nov 2001 09:28:34 -0800 (PST)
Message-ID: <20011113172833.16267.qmail@web20106.mail.yahoo.com>
Received: from [62.11.71.109] by web20106.mail.yahoo.com via HTTP; Tue, 13 Nov 2001 18:28:33 CET
Date: Tue, 13 Nov 2001 18:28:33 +0100 (CET)
From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= <freefabri@yahoo.it>
Subject: RE: Nat Gateway Firewall rules
To: Fabrizio Ravazzini <freefabri@yahoo.it>
Cc: freebsd-isp@freebsd.org
In-Reply-To: <20011113171827.77688.qmail@web20102.mail.yahoo.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

 --- Fabrizio Ravazzini <freefabri@yahoo.it> ha
scritto: > many thanks for help,now I've tought to
another
> problem, I've read on the FreebSD Handbook
> (cap17.11-Nat) and the natd manual page that with
> the
> option -redirect_address, if I have for example a
> www
> server I can redirect the traffic to this server
> wich
> is on the internal Lan or also to another machine
> with
> public Ip.
> But the problem is: if I have two or more web
> servers
> in the lan or also out of the Lan which they must be
> reached from the internet how can I redirect with
> natd?
> Because with natd I can redirect (I understood) only
> one machine for one service.
> Shortly the scheme:
> 
 OPS!! the correct scheme is this(With the router)


 		INTERNET
 		  |
		  |
		  |Public Ip0
             _____|_________
            | Router CISCO  |			
            +------+--------+
                   |
                   |PublicIP1
                 +---------+
                 | NAT     |
        	 |Firewall |
                 +---------+       PublicIP2
     +----+        |  |           +------+
     |WWW1|--------+  +-----+-----| WWW2 |
     +----+                 |     +------+
       PublicIp3            |
       or InternalLan1      |DNS
 
 
 Thanks,bye
 
>  
> --- John Brooks <john@day-light.com> ha scritto: >
> Try
> these:
> > 
> > http://www.obfuscation.org/ipf/
> > 
> > http://geodsoft.com/howto/harden/
> > 
> > --
> > John Brooks
> > Email:  john@stlbsd.org 
> > 
> > -----Original Message-----
> > 
> > ...snip...
> > 
> > I must provide a strong Firewall set of rules on
> the
> > nat, where can I find some docs to do such a
> thing?
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the
> message 
> 
>
______________________________________________________________________
> 
> Abbonati a Yahoo! ADSL con Atlanet!
> Naviga su Internet ad alta velocitą, e senza limiti
> di tempo! 
> Per saperne di pił vai alla pagina
> http://adsl.yahoo.it
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the
message 

______________________________________________________________________

Abbonati a Yahoo! ADSL con Atlanet!
Naviga su Internet ad alta velocitą, e senza limiti di tempo! 
Per saperne di pił vai alla pagina http://adsl.yahoo.it

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message