Date:      Tue, 25 Feb 2003 09:02:51 +0200
From:      Willie Viljoen <will@unfoldings.net>
To:        "Guilherme J. R. Oliveira" <guilherme@nortenet.pt>, freebsd-questions@freebsd.org
Subject:   Re: firewall/nat Web Hosting architecture
Message-ID:  <200302250902.51065.will@unfoldings.net>
In-Reply-To: <20030224224456.05d0abb3.guilherme@nortenet.pt>
References:  <20030224224456.05d0abb3.guilherme@nortenet.pt>

On Tuesday 25 February 2003 0:44, someone, possibly Guilherme J. R. 
Oliveira, typed:

>
> - if the public IP addresses will be served with bind then it must be
> installed in the same box as firewall&nat. True? But I wish that bind
> stays behind the firewall. - I have only 2 public IPs that must be
> assigned (I think) to bind and secondary_bind. How can I access iis
> and/or apache server independently from internet?
>

This creates a few problems for routing, but all can be overcome. What you 
want to do is add your public IPs as aliases on your firewall/NAT machine. 
You can do this by putting these in rc.conf, right under the current 
interface address. This assumes your interface to the outside world is 
fxp0:

ifconfig_fxp0="inet 20.4.37.34 netmask 255.255.255.252"
defaultrouter="20.4.37.33"
ifconfig_fxp0_alias0="inet 20.4.40.137 netmask 255.255.255.252"
ifconfig_fxp0_alias1="inet 20.4.40.138 netmask 255.255.255.255"

You would have to get the proper netmask from your ISP; these would only 
work in very obscure routing conditions (but most ISPs that enforce NAT on 
their customers would also use something weird like this).

Then, give your servers internal addresses and add appropriate static NAT 
rules to pass all traffic for those IPs directly to them.

If you can get your ISP to give you a routable range instead, that is still 
the best though.

Will

-- 
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 51 522 44 36 (after hours)
+27 82 404 03 27 (mobile)

will@unfoldings.net
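
The static NAT step described in the message, as an added configuration example that is not part of the original e-mail. It assumes natd with ipfw on the firewall box; the internal addresses 192.168.0.10 (web server) and 192.168.0.11 (BIND) are constructed for illustration.

```conf
# --- /etc/rc.conf (additions on the firewall/NAT box) ---
# Forward packets between fxp0 and the internal network.
gateway_enable="YES"
# ipfw must be active; its ruleset needs a divert rule such as
#   ipfw add divert natd all from any to any via fxp0
firewall_enable="YES"
natd_enable="YES"
# Outside interface, as in the message.
natd_interface="fxp0"
natd_flags="-f /etc/natd.conf"

# --- /etc/natd.conf ---
# Option A: static NAT for all traffic, as the message describes.
# Every port on the internal host becomes reachable from outside,
# so any filtering has to be done by the ipfw ruleset.
# Syntax: redirect_address <internal IP> <public IP>
# Assumed web server:
redirect_address 192.168.0.10 20.4.40.137
# Assumed BIND host:
redirect_address 192.168.0.11 20.4.40.138

# Option B (use instead of A): forward only the published services,
# leaving every other port on the internal hosts unreachable.
# redirect_port tcp 192.168.0.10:80 20.4.40.137:80
# redirect_port tcp 192.168.0.11:53 20.4.40.138:53
# redirect_port udp 192.168.0.11:53 20.4.40.138:53
```

With Option A the internal servers also appear under their public addresses for outbound connections; with Option B they share the firewall's primary address for outbound traffic.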
