Date: Tue, 13 Nov 2001 11:41:44 -0600
From: "Travis L. Leuthauser" <travis@bbipmail.com>
To: "Fabrizio Ravazzini" <freefabri@yahoo.it>
Cc: <freebsd-isp@freebsd.org>
Subject: RE: Nat Gateway Firewall rules
Message-ID: <NEBBIGMCEDGDNFGOAAFLAEIHGJAA.travis@bbipmail.com>
In-Reply-To: <20011113172833.16267.qmail@web20106.mail.yahoo.com>

Why not assign all public IPs to the FreeBSD gateway and then forward port
requests to internal boxes based on IP/port combinations? Like such:

                 INTERNET
                    |
                    |
                    |Public Ip0
               _____|_________
              | Router CISCO  |
              +------+--------+
                     |
                     |PublicIP1,PublicIP2,PublicIp3
                +---------+
                |   NAT   |
                |Firewall |
                +---------+
  DMZLan1
   +----+        |       |           +------+
   |WWW1|--------+       +-----+-----| WWW2 |
   +----+                      |     +------+
                               |     InternalLan1
                               |DNS (DMZLan2)

Then do your forwarding like so:

PublicIP2:80 --> DMZLan1:80
PublicIP2:53 --> DMZLan2:53
PublicIP3:80 --> InternalLan1:80

and so on.

Hope this helps,

Travis L. Leuthauser

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG
[mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Fabrizio Ravazzini
Sent: Tuesday, November 13, 2001 11:29 AM
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
Subject: RE: Nat Gateway Firewall rules

--- Fabrizio Ravazzini <freefabri@yahoo.it> wrote:
> many thanks for help, now I've thought of another
> problem, I've read on the FreeBSD Handbook
> (cap17.11-Nat) and the natd manual page that with the
> option -redirect_address, if I have for example a www
> server I can redirect the traffic to this server which
> is on the internal Lan or also to another machine with
> public Ip.
> But the problem is: if I have two or more web servers
> in the lan or also out of the Lan which they must be
> reached from the internet how can I redirect with
> natd?
> Because with natd I can redirect (I understood) only
> one machine for one service.
> Shortly the scheme:
>
OPS!!
the correct scheme is this (With the router)

                 INTERNET
                    |
                    |
                    |Public Ip0
               _____|_________
              | Router CISCO  |
              +------+--------+
                     |
                     |PublicIP1
                +---------+
                |   NAT   |
                |Firewall |
                +---------+
  PublicIP2
   +----+        |       |           +------+
   |WWW1|--------+       +-----+-----| WWW2 |
   +----+                      |     +------+
                                     PublicIp3
                               |     or InternalLan1
                               |DNS

Thanks, bye

>
> --- John Brooks <john@day-light.com> wrote:
> > Try these:
> >
> > http://www.obfuscation.org/ipf/
> >
> > http://geodsoft.com/howto/harden/
> >
> > --
> > John Brooks
> > Email: john@stlbsd.org
> >
> > -----Original Message-----
> >
> > ...snip...
> >
> > I must provide a strong Firewall set of rules on the
> > nat, where can I find some docs to do such a thing?
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-isp" in the body of the message
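
The forwarding table from the reply above, as an added example that is not part of the original thread: a shell function that turns it into natd.conf `redirect_port` lines, each pinned to an explicit public (alias) IP so two web servers can both use port 80, and that rejects a table forwarding the same public IP, port and protocol twice. All addresses are constructed placeholders (203.0.113.x for PublicIP2 and PublicIP3, private addresses for the servers), and `gen_redirects` and `sample_table` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). Input: one mapping per line,
#   proto  publicIP:port  internalIP:port
# Output: natd.conf lines in natd's argument order,
#   redirect_port proto targetIP:targetPORT aliasIP:aliasPORT

gen_redirects() {
    awk '
        function err(msg) { print "line " NR ": " msg | "cat 1>&2"; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF != 3 || $1 !~ /^(tcp|udp)$/ ||
        $2 !~ /^[0-9.]+:[0-9]+$/ || $3 !~ /^[0-9.]+:[0-9]+$/ {
            err("expected: tcp|udp publicIP:port internalIP:port"); next
        }
        {
            key = $1 " " $2                    # protocol + public endpoint
            if (key in seen) {                 # one public endpoint, one target
                err(key " is already forwarded to " seen[key]); next
            }
            seen[key] = $3
            print "redirect_port", $1, $3, $2
        }
        END { exit bad + 0 }                   # non-zero if any line was rejected
    '
}

# Constructed addresses standing in for the names used in the reply.
sample_table() {
    cat <<'EOF'
# PublicIP2:80 --> DMZLan1:80 (WWW1)
tcp 203.0.113.2:80 192.168.1.10:80
# PublicIP2:53 --> DMZLan2:53 (DNS, both transports)
udp 203.0.113.2:53 192.168.2.10:53
tcp 203.0.113.2:53 192.168.2.10:53
# PublicIP3:80 --> InternalLan1:80 (WWW2)
tcp 203.0.113.3:80 10.0.0.10:80
EOF
}

sample_table | gen_redirects
```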