From owner-freebsd-isp Mon Nov 15 7: 3:31 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from mail.fil.net (mail.fil.net [202.57.102.7])
    by hub.freebsd.org (Postfix) with ESMTP id 139B8150A9
    for ; Mon, 15 Nov 1999 07:03:07 -0800 (PST)
    (envelope-from aLan@fil.net)
Received: from fil.net ([202.57.102.6])
    by mail.fil.net (Netscape Messaging Server 3.62) with ESMTP id 192;
    Mon, 15 Nov 1999 23:02:52 +0800
Message-ID: <38302099.E1DFECB1@fil.net>
Date: Mon, 15 Nov 1999 23:02:50 +0800
From: "aLan Tait"
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
Subject: Duel Nic's Testing
References: <38301010.E9BF0643@fil.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I run a tiny ISP on an island in the Philippines, with no one to talk to about FreeBSD! (Which means I have almost no money!)

Right now I have converted some of our boxes from When?Doze-NT to FreeBSD (radius, bind 8, ftp and apache). I am now working on our hardest problem yet, the firewall/filter.

I have a Pentium 120 with 480 MB Hard Drive and 48 MB RAM - that I want to use as a gateway. It has two NICs, a PCI NE2000 (outside) and a 3C905b-TX (inside), no problems getting these in (FreeBSD 3.3). rc.conf reads okay, bootup sees them too.

Tomorrow I plan to load IPFilter, and then take on ALTQ for a little bandwidth control.

Here is the problem... How do I test this... Without disrupting all our clients!

Our little SBE router (I am not really routing and may be able to set this up as just a bridge - it supplies the needed high speed serial port), the router connects to a Microwave Radio to Manila (the lease line, now at 64 kbps, soon to be 128 kbps and I hope it will grow!).
Our provider in Manila has a Cisco with IP address:

    Manila serial port       1.2.98.10/30
    Our Router serial port   1.2.98.9/30
    Our Router address       1.2.102.1/23 (Gateway)
    Our Network              1.2.102/23

I can't touch the router at this time because of live traffic.

If I set a couple workstations on the inside of this then set:

    the "inside" NIC to 1.2.102.65/28 (which is vacant)
    the "outside" NIC to 1.2.102.2/26 (which has the servers I need for testing)

Will this work for testing? Or should I remove the 1.2.102.65/28 from the Ethernet of the router and "route" it to 1.2.102.2?

Any advice would be most welcome.

aLan Tait

PS I am also open for other suggestions.

I chose IPFilter because,
1) the rules look like the rules in the SBE router (which I already understand some),
2) I want to stop people from getting into our site from the outside (they should be going to our mirror in the USA),
3) I want to redirect all outgoing port 80 traffic to a squid proxy, still to be built!

I chose ALTQ because it allows any one customer to use our whole bandwidth if the others are not using it. I have enough IPs and I don't need any Network Translation. I was also looking at ipfw and dummynet, but couldn't find anything about allowing higher bandwidth when others are not using it.

++++++++++++++++++++++++++++++++++++++++++++++++++++++
Why did I convert from Windows NT? Because of its name...
When?Doze - I never knew When? it was going to Doze!