From owner-freebsd-isp Tue Nov 13 9:43:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from web20108.mail.yahoo.com (web20108.mail.yahoo.com [216.136.226.45]) by hub.freebsd.org (Postfix) with SMTP id 7D05437B405 for ; Tue, 13 Nov 2001 09:43:09 -0800 (PST) Message-ID: <20011113174309.7867.qmail@web20108.mail.yahoo.com> Received: from [62.11.71.109] by web20108.mail.yahoo.com via HTTP; Tue, 13 Nov 2001 18:43:09 CET Date: Tue, 13 Nov 2001 18:43:09 +0100 (CET) From: =?iso-8859-1?q?Fabrizio=20Ravazzini?= Subject: Re: Nat Gateway Firewall rules To: Drew Tomlinson Cc: freebsd-isp@freebsd.org In-Reply-To: <014b01c16c68$91889310$cd2a6ba5@lc.ca.gov> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ups! thanks but what a pity, but the option -alias_address or -target_address? Can they help me? --- Drew Tomlinson ha scritto: > ----- Original Message ----- > From: "Fabrizio Ravazzini" > To: > Cc: > Sent: Tuesday, November 13, 2001 9:18 AM > Subject: RE: Nat Gateway Firewall rules > > > > many thanks for help,now I've tought to another > > problem, I've read on the FreebSD Handbook > > (cap17.11-Nat) and the natd manual page that with > the > > option -redirect_address, if I have for example a > www > > server I can redirect the traffic to this server > wich > > is on the internal Lan or also to another machine > with > > public Ip. > > But the problem is: if I have two or more web > servers > > in the lan or also out of the Lan which they must > be > > reached from the internet how can I redirect with > > natd? > > The only way I know is to connect to them via > different ports. In other > words, tell NAT that requests on port 80 get > redirected to WWW1:80 and > requests on port 8080 get reidrected to WWW2:80. > Then to connect to > WWW2, you would put http://WWW2:8080 in your web > browser. > > HTH, > > Drew > > > Because with natd I can redirect (I understood) > only > > one machine for one service. > > Shortly the scheme: > > > > INTERNET > > | > > |PublicIP1 > > +---------+ > > | NAT | > > |Firewall | > > +---------+ PublicIP2 > > +----+ | | +------+ > > |WWW1|--------+ +-----+-----| WWW2 | > > +----+ | +------+ > > PublicIp3 | > > or InternalLan1 |DNS > > > > > > Thanks,bye > > > > > > --- John Brooks ha scritto: > > Try > > these: > > > > > > http://www.obfuscation.org/ipf/ > > > > > > http://geodsoft.com/howto/harden/ > > > > > > -- > > > John Brooks > > > Email: john@stlbsd.org > > > > > > -----Original Message----- > > > > > > ...snip... > > > > > > I must provide a strong Firewall set of rules on > the > > > nat, where can I find some docs to do such a > thing? > > > > > > > > > To Unsubscribe: send mail to > majordomo@FreeBSD.org > > > with "unsubscribe freebsd-isp" in the body of > the > > message > > > > > ______________________________________________________________________ > > > > Abbonati a Yahoo! ADSL con Atlanet! > > Naviga su Internet ad alta velocitą, e senza > limiti di tempo! > > Per saperne di pił vai alla pagina > http://adsl.yahoo.it > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-isp" in the body of the > message > > > > > ______________________________________________________________________ Abbonati a Yahoo! ADSL con Atlanet! Naviga su Internet ad alta velocitą, e senza limiti di tempo! Per saperne di pił vai alla pagina http://adsl.yahoo.it To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message