Date: Wed, 15 May 1996 22:00:54 -0600
From: Nate Williams <nate@sri.MT.net>
To: "Jonathan M. Bresler" <jmb@freefall.freebsd.org>
Cc: nate@sri.MT.net (Nate Williams), msmith@atrad.adelaide.edu.au, questions@freebsd.org
Subject: Re: Networking / Routing question
Message-ID: <199605160400.WAA21568@rocky.sri.MT.net>
In-Reply-To: <199605160157.SAA11768@freefall.freebsd.org>
References: <199605160055.SAA21095@rocky.sri.MT.net> <199605160157.SAA11768@freefall.freebsd.org>

> > > > > use rfc-1918 addresses on the segment between the router and the
> > > > > firewall. keep all your 32 ip addresses for your hosts.
> > >
> > > I was going to suggest this, until it occurred to me that it would be
> > > impossible for the firewall to connect out through the router.
> >
> > The 'firewall' is our main email gateway box, and will end up doing all
> > of the 'ftp/www/dns/etc' service to the world.
>
> do you really want to run those services on a firewall?

I have to. Those are all of the services that *must* be accessible
outside of the system.

> perhaps on a host protected by the firewall or on a sacrificial
> host outside the firewall (hardware jumpered read-only scsi
> disks are *wonderful* ;)

With a two-person office it's hard to justify two machines just to be
safe. :)

The firewall is set up to allow *anything* to go out, but only certain
services coming in. It's the 'everything' box; since it isn't used for
anything else, it may as well run those services.

All of the internal machines are allowed to have 'Real'(tm) Internet
access, but it's all routed through our firewall box which disallows
most everything but 'known' OK services.

Nate