From owner-freebsd-questions@FreeBSD.ORG Mon Mar 15 06:51:11 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BD7DA16A4CE for ; Mon, 15 Mar 2004 06:51:11 -0800 (PST) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id EE7F043D62 for ; Mon, 15 Mar 2004 06:51:10 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i2FEp6Fb045456 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 15 Mar 2004 14:51:06 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i2FEp5ns045455; Mon, 15 Mar 2004 14:51:05 GMT (envelope-from matthew) Date: Mon, 15 Mar 2004 14:51:05 +0000 From: Matthew Seaman To: Robert Storey Message-ID: <20040315145105.GD26079@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Robert Storey , freebsd-questions@freebsd.org References: <20040315201004.21d1a6f1.y2kbug@ms25.hinet.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="GpGaEY17fSl8rd50" Content-Disposition: inline In-Reply-To: <20040315201004.21d1a6f1.y2kbug@ms25.hinet.net> User-Agent: Mutt/1.5.6i X-Spam-Status: No, hits=-4.8 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk X-Virus-Scanned: clamd / ClamAV version devel-20040304, clamav-milter version 0.67j cc: freebsd-questions@freebsd.org Subject: Re: bypassing a proxy server X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Mar 2004 14:51:12 -0000 --GpGaEY17fSl8rd50 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 15, 2004 at 08:10:04PM +0100, Robert Storey wrote: > The only problem I see here is I don't know how I'm going to get an > address for the ftp server. The Win2000 gateway has a static address, it > dishes out addresses to the clients with dhcp. The NAT addresses are of > course internal addresses like 10.0.0.12, but the school does own a > block of 64 static addresses. If I simply stick a hub in front of the > gateway machine, all traffic to the gateway will also be sent to the ftp > server - I know that will cause packet collisions, but I can live with > the crappy performance because it's a very low traffic environment. My > main concern is simply how to assign an address to the ftp server > without disconnecting the gateway machine. As your school owns a /26 network (which gives you 62 usable host addresses, plust the network and broadcast addresses) you can just assign one of the unused static addresses to the FTP server. It's as simple as that. As this machine is going to be visible on the Internet, you should contact whoever runs the DNS for your network and get the machine's hostname and IP number properly registered (ie. both forward (A) and inverse (PTR) records). You should setup the FTP server's static address by inserting the correct data into /etc/rc.conf, rather than attempting to use DHCP. You can probably extract the correct settings by running ipconfig in a DOS shell on your Win2000 machine. As a helpful hint: the netmask for a /26 is 255.255.255.192 or 0xffffffc0, and the broadcast address will end with either .63, .127, .191 or .255. Getting a DHCP service out of the external side of your Windows gateway machine should not be possible, for proper security. Don't worry about the Hub being a performance bottleneck -- you'll hardly notice it against the limitations of T1 bandwidth. However, do realise that your FTP server will be exposed to the Internet and some care will need to be taken to make sure that it is properly secured. (Running FreeBSD is a very good start in that direction). Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --GpGaEY17fSl8rd50 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAVcLZdtESqEQa7a0RApxuAKCZRaZxUPgtcjsIhZ207hR5i7jHUACghtWH xbRY26LGls1jWKyBLdBlYmw= =hbmv -----END PGP SIGNATURE----- --GpGaEY17fSl8rd50--