From freebsd-ipfw@FreeBSD.ORG Sun Nov 5 19:11:44 2000
Return-Path:
Received: from ns3.usww.net (machine.annamaria.net [216.104.145.140] (may be forged))
    by jasper.nighttide.net (8.9.3/8.9.3) with ESMTP id TAA15439
    for ; Sun, 5 Nov 2000 19:07:22 -0500 (EST)
Received: (from daemon@localhost)
    by ns3.usww.net (8.8.8/8.8.8) id TAA15901
    for darren@nighttide.net; Sun, 5 Nov 2000 19:06:49 -0500 (EST)
    (envelope-from daemon)
Date: Sun, 5 Nov 2000 19:06:49 -0500 (EST)
Message-Id: <200011060006.TAA15901@ns3.usww.net>
From: freebsd-ipfw@FreeBSD.ORG (freebsd-ipfw@FreeBSD.ORG Auto Responder)
Reply-To: freebsd-ipfw@FreeBSD.ORG
To: darren@nighttide.net
Subject: Re: ipfw + bridging + divert (or what would be the solution of choice)

Thank you for your Email

darren@nighttide.net,

Your message concerning "ipfw + bridging + divert (or what would be the solution of choice)" was received. We will attend to it as soon as possible.

Thank you,
freebsd-ipfw@FreeBSD.ORG






 ---First 50 lines of original message included below----


 
 Howdy,
 
 We're in the process of swapping providers and now I have to decide the
 best way to configure the resources we're going to have.
 
 From my searching I'm guessing that the following is probably not possible
 but some of the docs and discussions were a bit dated so perhaps things
 are changed....
 
 Essentially I would like to bridge and route in one box, doing natd on the
 routed net, using three cards. ie
 
      isdn                    firewall          
 isp ------ Cisco804 -------- ed0 ed1 -------- intranet/non-private ip's
                       dmz      ed2
                                 |  (natd)
                                 +------------ intranet/private 10/8
 
 I've got a 4 bit subnet from the isp that I want to split between the
 segments attached to ed0 and ed1 as flexibly as possible so I would like
 to bridge between ed0 (which I gather should be configured with an ip) and
 ed1 (which should not have an ip). All possible and the function of a
 bridging firewall.
 
 Now, I would like to also have another private address segment which
 utilizes natd and is able to talk to both the ed0 and ed1 side.
 
 All the while being able to make use of ipfw's rules of course. 
 
 Possible or out of the question?
 
 My basic problem is deciding how to make the best use of the ip addresses
 they are giving us. Currently we have 1 ip address and are using natd
 over a dedicated dial up. Moving to a new provider and we're being given
 15 addresses. Now I could keep my current intranet just as it is and
 replace my ppp0 interface with an ed1 and using the ip addresses for
 things in the dmz. So....
 
      isdn                    firewall          
 isp ------ Cisco804 -------- ed0 ed1 -------- intranet/private ip's
                       dmz              natd
 
 Just that I don't have a use currently for all of the ips in the dmz and
 it's likely that I won't in the near future. I could split them in two but
 that only leaves 6 addresses that could be used on the intranet and isn't
 sufficient for the device count without having the mixed
 private(natd') and non-private addresses.
 
 