Date: Tue, 12 Dec 2006 16:38:24 -0500
From: Bill Moran
To: "Bret J Esquivel"
Cc: freebsd-questions@freebsd.org
Subject: Re: Routing Question

In response to "Bret J Esquivel":

> I have a cable modem at my office with a /28 allocated. I have a FreeBSD 6.1
> firewall/router in between the cable modem and the switch to other nodes. My
> question is how could I add static routes to say my web server having an
> external IP address but still going through the firewall box? NAT is not an
> option.
>
> INET (70.164.48.225/28) -> [xl0] Firewall (70.164.48.226) [xl1] -> [xl0] Web
> server (70.164.48.227)

I could have sworn that someone else recommended bridging, so I won't bother
to bring it up.

The other option is to set that system up as a router, and build a proper
routing table. Your ISP will need to be involved so they know to route
traffic to your subnet through your gateway system.

You need to enable forwarding in /etc/rc.conf. Then you'll need to subnet
your range properly. Something like:

70.164.48.225/29 -> external
70.164.48.241/29 -> internal

Then set your external interface on the router to 70.164.48.226 and the
internal interface to 70.164.48.242. Then you can use 70.164.48.243 - 249
on the inside.

Configuring the FreeBSD machine as a bridging firewall will simplify the
process, however, and is the approach I would recommend.

-- 
Bill Moran
Collaborative Fusion Inc.
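
The routed setup discussed in this thread, as an added example that is not part of the original message: it splits the /28 from the question into two /29 halves with Python's `ipaddress` module and renders the router's `/etc/rc.conf` settings. The function names and the choice of the first free address on each side for the router are assumptions; every address it produces is computed from that /28.

```python
import ipaddress

def plan_routed_split(allocation, upstream_gw):
    """Split an allocation into an external half (holding the upstream
    gateway) and an internal half, and pick the router's address on each."""
    net = ipaddress.ip_network(allocation, strict=False)  # accepts host/prefix form
    gw = ipaddress.ip_address(upstream_gw)
    halves = list(net.subnets(prefixlen_diff=1))
    external = next((h for h in halves if gw in h), None)
    if external is None or gw not in external.hosts():
        raise ValueError(f"{gw} is not a usable host address in {net}")
    internal = next(h for h in halves if h != external)
    ext_free = [h for h in external.hosts() if h != gw]
    int_hosts = list(internal.hosts())
    return {
        "external": external,
        "internal": internal,
        "upstream_gw": gw,
        "router_ext": ext_free[0],      # assumption: first free external address
        "router_int": int_hosts[0],     # assumption: first internal address
        "inside_hosts": int_hosts[1:],  # left over for servers behind the router
    }

def rc_conf_lines(plan, ext_if, int_if):
    """Render the plan as /etc/rc.conf settings for the router."""
    return [
        'gateway_enable="YES"',  # turns on IP forwarding at boot
        f'defaultrouter="{plan["upstream_gw"]}"',
        f'ifconfig_{ext_if}="inet {plan["router_ext"]} netmask {plan["external"].netmask}"',
        f'ifconfig_{int_if}="inet {plan["router_int"]} netmask {plan["internal"].netmask}"',
    ]

if __name__ == "__main__":
    # Allocation, gateway and interface names are taken from the question.
    plan = plan_routed_split("70.164.48.225/28", "70.164.48.225")
    print("\n".join(rc_conf_lines(plan, "xl0", "xl1")))
    print("inside hosts:", ", ".join(str(h) for h in plan["inside_hosts"]))
```

The ISP still has to route the internal half to the router's external address, as the reply notes.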