Message-ID: <3E3EEE44.9040706@potentialtech.com>
Date: Mon, 03 Feb 2003 17:33:40 -0500
From: Bill Moran
To: Peter
Cc: freebsd-questions@freebsd.org
Subject: Re: FBSD firewall in front of windows IIS servers HOW
References: <20030203152311.7af897d4.fbsdq@kuyarov.org>

[Please wrap lines to a reasonable length]

Peter wrote:
> Hello,
> Just wondering what would be the best way to do this...
>
>
> INTERNET----FBSD FIREWALL----WINDOWS IIS SERVER
>
>
> Basically what would be the best way to have freebsd accept incoming connections, run them
> thru the firewall, and all the packets that pass forward them to internal windows machines.
> I don't want the windows boxen directly on the net, I want to put a FBSD firewall in front
> of them, and so far the best option I've found on how to do this is to have the windows boxen
> be 192.168.x.x and have the fbsd boxen forward all connections to "public_ip" to the windows
> box via natd. Does this seem like a good plan? Or anyone know of another better way to do this?

That's how I would do it. I can't think of a better way, off the top of
my head.

Unless you want to proxy. You could set up FreeBSD with squid configured
to reverse proxy, which should reduce internal traffic and increase
performance.

I don't know what your situation is, but I wouldn't bother with squid
unless I was experimenting with squid or had a situation where the IIS
servers were getting hammered by requests.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
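
An added example, not part of the original message: a small sh script that emits a natd.conf and a stateless ipfw rule file for the layout discussed above, with one web server published through natd's redirect_port. The interface names (fxp0, fxp1), the addresses, the port and the rule numbers are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: emit natd.conf and an ipfw rule file for one web server
# published through natd. All names and addresses here are assumptions.

# is_rfc1918 ADDR: succeed only for 10/8, 172.16/12 and 192.168/16.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    esac
    return 1
}

# natd_conf EXT_IF PUBLIC_IP SERVER_IP PORT
# Refuses to publish a server that is not on a private address.
natd_conf() {
    is_rfc1918 "$3" || { echo "server $3 is not a private address" >&2; return 1; }
    printf 'interface %s\n' "$1"
    printf 'redirect_port tcp %s:%s %s:%s\n' "$3" "$4" "$2" "$4"
}

# ipfw_rules EXT_IF INT_IF PUBLIC_IP SERVER_IP PORT
# natd re-injects packets at the rule after the divert rule, so:
#  - rule 300 sees inbound packets already rewritten to the private address
#  - rule 400 sees replies already rewritten back to the public address
# Anything else crossing the external interface, including connections the
# server tries to open itself, falls through to the logged deny.
ipfw_rules() {
    is_rfc1918 "$4" || { echo "server $4 is not a private address" >&2; return 1; }
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 divert natd ip from any to any via $1
add 300 allow tcp from any to $4 $5 in via $1
add 400 allow tcp from $3 $5 to any out via $1 established
add 500 allow ip from any to any via $2
add 65000 deny log ip from any to any
EOF
}

# Constructed sample values (documentation and private address ranges).
natd_conf fxp0 203.0.113.10 192.168.0.10 80
ipfw_rules fxp0 fxp1 203.0.113.10 192.168.0.10 80
```

The `ipfw_rules` output is in the form ipfw reads from a rule file, for example one named by `firewall_type` in /etc/rc.conf; `gateway_enable` and `natd_enable` must also be set there for forwarding and natd to run.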