From: Vince Hoffman
Date: Tue, 12 Dec 2006 21:28:01 +0000
To: Bret J Esquivel
Cc: freebsd-questions@freebsd.org
Subject: Re: Routing Question

Bret J Esquivel wrote:
> Hi,
>
> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
>
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)
>

Only really one choice if you really don't want NAT (I've run web servers with a static NAT many times though, so I wouldn't rule it out if I were you).

Routing wouldn't work in this scenario as you don't have enough control; you would have to bridge the interfaces on your firewall. man if_bridge.

Bridging xl0 and xl1 on your firewall will make it act like a 2 port hub, but pf, ipfw and ipf can still filter packets going across it.

Personally in this situation I'd just add the IPs to the FreeBSD box and set static NATs up for anything that needs to be externally visible, but a bridging firewall should work too.

Vince

>
> Thanks in advance.
>
> Bret
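
A sketch of the bridging firewall described in the reply above, added here as an example and not part of either poster's message. The interface names and the web server address come from the thread; the choice of pf, the open ports (80 and 443) and the filter-on-one-member layout are assumptions.

```conf
# ---- /etc/rc.conf (bridge xl0 and xl1, see if_bridge(4)) ----
cloned_interfaces="bridge0"
ifconfig_bridge0="addm xl0 addm xl1 up"
ifconfig_xl0="up"            # cable modem side
ifconfig_xl1="up"            # switch / web server side
pf_enable="YES"
pf_rules="/etc/pf.conf"
# Note: a management address for the firewall itself is not shown here.
# The net.link.bridge.pfil_* sysctls documented in if_bridge(4) control
# whether packets are filtered on the member interfaces, the bridge, or both.

# ---- /etc/pf.conf (filter on the outside member only) ----
ext_if = "xl0"
int_if = "xl1"
web    = "70.164.48.227"     # web server address from the thread

# Every bridged packet crosses both members. Passing everything on the
# inside member means each packet is evaluated against the policy once,
# on ext_if, and state lookups stay consistent.
pass quick on $int_if all

# Default deny on the outside member, with logging for review via pflog0.
block in log on $ext_if all

# Assumed policy: only HTTP/HTTPS to the web server is allowed inbound.
pass in on $ext_if proto tcp from any to $web port { 80, 443 } flags S/SA keep state

# Hosts behind the bridge may initiate outbound connections; replies are
# matched by state instead of by a broad inbound rule.
pass out on $ext_if all keep state
```

pf only inspects IP traffic, so ARP between the cable modem and the hosts behind the bridge is forwarded without a rule. After loading, `pfctl -sr` and `tcpdump -n -e -ttt -i pflog0` show the active ruleset and the blocked packets.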