Date: Mon, 15 Nov 1999 23:02:50 +0800 From: "aLan Tait" <aLan@fil.net> To: freebsd-isp@freebsd.org Subject: Duel Nic's Testing Message-ID: <38302099.E1DFECB1@fil.net> References: <Pine.BSF.3.96.991022113326.25279A-100000@aurora.scoop.co.nz> <38301010.E9BF0643@fil.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I run a tiny ISP on an island in the Philippines, with no one to talk to about FreeBSD! (Which means I have almost no money!) Right now I have converted some of our boxes from When?Doze-NT to FreeBSD (radius, bind 8, ftp and apache). I am now working on our the hardest problem yet, the firewall/filter. I have a Pentium 120 with 480 MB Hard Drive and 48 MB ram - that I want to use as a gateway. It has two Nics, a PCI NE2000 (outside) and a 3C905b-TX (inside), no problems getting these in (FreeBSD 3.3). rc.conf reads okay, bootup sees them too. Tomorrow I plan to load IPFilter, and then take on ALTQ for a little bandwidth control. Here is the problem... How do I test this... Without disrupting all our clients! Our little SBE router (I am not really routing and may be able to set this up as just a bridge - it supplies the needed high speed serial port), the router connects to a Microwave Radio to Manila (the lease line, now at 64 kbps, soon to be 128 kbps and I hope it will grow!). Our provider in Manila has a cisco with IP address: Manila serial port 1.2.98.10/30 Our Router serial port 1.2.98.9/30 Our Router address 1.2.102.1/23 (Gateway) Our Network 1.2.102/23 I can't touch the router at this time because of live traffic. If I set a couple workstations on the inside of this then set: the "inside" nick to 1.2.102.65/28 (which is vacant) the "outside" nick to 1.2.102.2/26 (which has the servers I need for testing) Will this work for testing? Or should I remove the 1.2.102.65/28 from the Ethernet of the router and "route" it to 1.2.102.2? Any Advise would be most welcome. aLan Tait PS I am also open for other suggestions. I chose IPFilter because, 1) the rules look like the rules in the SBE router (which I already understand some), 2) I want to stop people from getting into our site from the outside (they should be going to our mirror in the USA), 3) I want to redirect all outgoing port 80 traffic to a squid proxy, still to be built! I chose ALTQ because it allows any one customer to use are whole bandwidth if the others are not using it. I have enough IP's and I don't need any Network Translation. I was also looking at ipfw and dummynet, but couldn't find anything about allowing higher bandwidth when others are not using it. ++++++++++++++++++++++++++++++++++++++++++++++++++++++ Why did I convert from Windows NT? Because of its name... When?Doze - I never knew When? it was going to Doze! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38302099.E1DFECB1>