From: "Toomas Aas"
Organization: Tartu City Government
To: Robert Storey
cc: questions@freebsd.org
Date: Mon, 15 Mar 2004 18:09:19 +0200
Subject: Re: bypassing a proxy server

Hi!

> Furthermore, I want the FreeBSD machine to run an anonymous ftp
> server. Forgive the crappy drawing (I never claimed to be an artist),
> but this is how the network looks at the moment (except that there
> are 10 Windows clients, not 2):
>
>
>                                         |-------|
>                                         |windows|
>           |------------|    |------|    |client |
>           |  Win2000   |    |      |----|-------|
> T1--------|proxy server|----|switch|
>           | & gateway  |    |      |----|-------|
>           |------------|    |---|--|    |windows|
>                                 |       |client |
>                                 |       |-------|
>                                 |
>                           |-----|----|
>                           | FBSD ftp |
>                           |  server  |
>                           |----------|
>
> OK, I'm convinced, running a ftp server from a NAT gateway is a
> disaster. So I'm looking for a way around it. I have an old unused hub,
> and I've been thinking that this might be a possible solution (sort of
> like a DMZ?)...
>
>                                         |-------|
>                                         |windows|
>           |------------|    |------|    |client |
>           |  Win2000   |    |      |----|-------|
> T1--HUB---|proxy server|----|switch|
>      |    | & gateway  |    |      |----|-------|
>      |    |------------|    |------|    |windows|
>      |                                  |client |
>      |                                  |-------|
>      |
> |----|-----|
> | FBSD ftp |
> |  server  |
> |----------|

Yes, with that kind of setup your FTP server is likely to be much better
accessible than with the previous one :-) Assuming, of course, that the
external interface of Windows 2000 server is Ethernet and there are no
tricks like PPPoE involved.

> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses.

Well, then you just need to ask your school's admin to give you one of
those static (I assume you mean public?) addresses and assign it to your
FreeBSD machine manually.

> If I simply stick a hub in front of the gateway machine, all traffic
> to the gateway will also be sent to the ftp server - I know that will
> cause packet collisions, but I can live with the crappy performance
> because it's a very low traffic environment. My main concern is
> simply how to assign an address to the ftp server without
> disconnecting the gateway machine.

You just need to assign an address which is different from that of the
public interface of the Windows server :-) Otherwise the Windows admin
*will* come for your head :-)

--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* I've got a life but it won't run on my operating system.