From: "Travis L. Leuthauser"
To: "Fabrizio Ravazzini"
Subject: RE: Nat Gateway Firewall rules
Date: Tue, 13 Nov 2001 11:41:44 -0600
In-Reply-To: <20011113172833.16267.qmail@web20106.mail.yahoo.com>
Sender: owner-freebsd-isp@FreeBSD.ORG

Why not assign all public IPs to the FreeBSD gateway and then forward port
requests to internal boxes based on IP/port combinations? Like such:

             INTERNET
                 |
                 |
                 |Public Ip0
            _____|_________
           | Router CISCO  |
           +------+--------+
                  |
                  |PublicIP1,PublicIP2,PublicIp3
             +---------+
             |   NAT   |
             |Firewall |
             +---------+
 DMZLan1
 +----+        |     |           +------+
 |WWW1|--------+     +-----+-----| WWW2 |
 +----+                    |     +------+
                           |     InternalLan1
                           |DNS (DMZLan2)

Then do your forwarding like so:

PublicIP2:80 --> DMZLan1:80
PublicIP2:53 --> DMZLan2:53
PublicIP3:80 --> InternalLan1:80

and so on.

Hope this helps,

Travis L. Leuthauser

-----Original Message-----
From: owner-freebsd-isp@FreeBSD.ORG [mailto:owner-freebsd-isp@FreeBSD.ORG] On Behalf Of Fabrizio Ravazzini
Sent: Tuesday, November 13, 2001 11:29 AM
To: Fabrizio Ravazzini
Cc: freebsd-isp@freebsd.org
Subject: RE: Nat Gateway Firewall rules

--- Fabrizio Ravazzini wrote:
> many thanks for help, now I've thought of another problem, I've read on
> the FreeBSD Handbook (cap17.11-Nat) and the natd manual page that with
> the option -redirect_address, if I have for example a www server I can
> redirect the traffic to this server which is on the internal Lan or also
> to another machine with public Ip.
> But the problem is: if I have two or more web servers in the lan or also
> out of the Lan which they must be reached from the internet how can I
> redirect with natd?
> Because with natd I can redirect (I understood) only one machine for one
> service.
> Shortly the scheme:
>

OPS!! the correct scheme is this (With the router)

             INTERNET
                 |
                 |
                 |Public Ip0
            _____|_________
           | Router CISCO  |
           +------+--------+
                  |
                  |PublicIP1
             +---------+
             |   NAT   |
             |Firewall |
             +---------+
 PublicIP2
 +----+        |     |           +------+
 |WWW1|--------+     +-----+-----| WWW2 |
 +----+                    |     +------+
                 PublicIp3 |     or InternalLan1
                           |DNS

Thanks, bye

>
> --- John Brooks wrote:
> > Try these:
> >
> > http://www.obfuscation.org/ipf/
> >
> > http://geodsoft.com/howto/harden/
> >
> > --
> > John Brooks
> > Email: john@stlbsd.org
> >
> > -----Original Message-----
> >
> > ...snip...
> >
> > I must provide a strong Firewall set of rules on the nat, where can I
> > find some docs to do such a thing?

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
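
Added example, not part of the original messages: a small Python helper that turns the IP/port forwarding table from the reply above into natd.conf redirect_port lines and refuses a table in which the same protocol, public IP and port point at two different hosts. All addresses are constructed placeholders (203.0.113.x for the public IPs, private ranges for the LANs); the names Forward, SAMPLE and render_natd_conf, and the choice to forward DNS over both UDP and TCP, are assumptions of this example.

```python
import ipaddress
from collections import namedtuple

# One forwarding rule: traffic to public_ip:port is handed to target_ip:port.
Forward = namedtuple("Forward", "proto public_ip port target_ip")

# Constructed sample addresses (assumptions, not taken from the thread).
SAMPLE = [
    Forward("tcp", "203.0.113.2", 80, "192.168.10.10"),  # PublicIP2:80 -> WWW1 (DMZLan1)
    Forward("udp", "203.0.113.2", 53, "192.168.20.53"),  # PublicIP2:53 -> DNS (DMZLan2)
    Forward("tcp", "203.0.113.2", 53, "192.168.20.53"),  # DNS over TCP (assumed)
    Forward("tcp", "203.0.113.3", 80, "10.0.0.80"),      # PublicIP3:80 -> WWW2 (InternalLan1)
]


def render_natd_conf(forwards):
    """Return natd.conf redirect_port lines; raise ValueError on a bad table."""
    seen = {}
    lines = []
    for f in forwards:
        if f.proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol: {f.proto!r}")
        if not 1 <= f.port <= 65535:
            raise ValueError(f"port out of range: {f.port}")
        public = ipaddress.ip_address(f.public_ip)  # raises on malformed input
        target = ipaddress.ip_address(f.target_ip)
        # In this scheme one (protocol, public IP, port) triple identifies one
        # forward, so a second web server gets its own public IP or port.
        key = (f.proto, public, f.port)
        if key in seen and seen[key] != target:
            raise ValueError(
                f"{f.proto} {public}:{f.port} already forwarded to {seen[key]}")
        if key not in seen:
            seen[key] = target
            # natd.conf syntax: redirect_port proto targetIP:port aliasIP:port
            lines.append(
                f"redirect_port {f.proto} {target}:{f.port} {public}:{f.port}")
    return lines


if __name__ == "__main__":
    print("\n".join(render_natd_conf(SAMPLE)))
```

The public addresses must already be configured on the gateway's external interface, as the reply suggests, for natd to see traffic addressed to them.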