Date: Mon, 3 Feb 2003 14:48:29 -0800 (PST) From: Philip Hallstrom <philip@adhesivemedia.com> To: Peter <fbsdq@kuyarov.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: FBSD firewall in front of windows IIS servers HOW Message-ID: <20030203144706.H93792-100000@cypress.adhesivemedia.com> In-Reply-To: <20030203152311.7af897d4.fbsdq@kuyarov.org>
next in thread | previous in thread | raw e-mail | index | archive | help
You could do natd it or use a bridged firewall so to everyone else it would appear that the Windows box is on the net. The other nice thing about the bridge is that you can set it up so that it doesn't have an IP address at all... which makes it pretty hard to break into :) Sometimes that can get around some of the issues with self-referencing urls (whether they are private or public) that happens with natd and proxy servers... On Mon, 3 Feb 2003, Peter wrote: > Hello, > Just wondering what would be the best way to do this... > > > INTERNET----FBSD FIREWALL----WINDOWS IIS SERVER > > > Basically what would be the best way to have freebsd accept incoming > connections, run them thru the firewall, and all the packets that pass > forward them to internal windows machines. I dont' want the windows > boxen directly on the net, I want to put a FBSD firewall in front of > them, and so far the best option I've found on how to do this is to have > the windows boxen be 192.168.x.x and have the fbsd boxen forward all > connections to "public_ip" to the windows box via natd. Does this seem > like a good plan? Or anyone know of another better way to do this? > > -------------- > Innovation is hard to schedule. > -- Dan Fylstra > > ---FreeBSD The Power To Serve--- > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030203144706.H93792-100000>