Date: Mon, 7 Apr 2003 19:58:18 +0200 From: Emre Bastuz <info@emre.de> To: freebsd-isp@freebsd.org Subject: Re: DMZ Message-ID: <1049738298.3e91bc3a9a4ca@webmail.emre.de> In-Reply-To: <3E91A651.2010603@infodev.ca> References: <3E91A651.2010603@infodev.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dominic, Zitat von "D.Pageau" <dpageau@infodev.ca>: [...] I believe the best way would be asking your ISP for another /30 subnet and a static routing entry for 216.1.1.0/28 to the firewall side of the new point-to-point link. You could then use the full /28 on your DMZ and the additional IP on rl0 for NATing your RFC1918 address space on rl2. If itīs not possible to get another /30 you might configure the 828 to have a point-to-point link using also private address space (say 172.16.0.0/30) and still having a static routing entry to the IP of rl0 on the 828. Using private address space on PTP links sometimes leads to confusion though, as this part of your connectivity will not show up on an external (i.e. another ISP) traceroute. Itīs a question of taste i believe. Iīd prefer the first choice if possible (depends much on the "quality" of your ISP). Regards, Emre -- Emre Bastuz info@emre.de http://www.emre.de UIN: 561260 PGP Key ID: 0xAFAC77FD
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1049738298.3e91bc3a9a4ca>