Date: Mon, 3 Feb 2003 14:48:29 -0800 (PST)
From: Philip Hallstrom
To: Peter
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: FBSD firewall in front of windows IIS servers HOW
In-Reply-To: <20030203152311.7af897d4.fbsdq@kuyarov.org>
Message-ID: <20030203144706.H93792-100000@cypress.adhesivemedia.com>

You could natd it or use a bridged firewall so to everyone else it would
appear that the Windows box is on the net. The other nice thing about the
bridge is that you can set it up so that it doesn't have an IP address at
all... which makes it pretty hard to break into :)

Sometimes that can get around some of the issues with self-referencing
URLs (whether they are private or public) that happen with natd and proxy
servers...

On Mon, 3 Feb 2003, Peter wrote:

> Hello,
> Just wondering what would be the best way to do this...
>
>
> INTERNET----FBSD FIREWALL----WINDOWS IIS SERVER
>
>
> Basically what would be the best way to have freebsd accept incoming
> connections, run them thru the firewall, and all the packets that pass
> forward them to internal windows machines. I don't want the windows
> boxen directly on the net, I want to put a FBSD firewall in front of
> them, and so far the best option I've found on how to do this is to have
> the windows boxen be 192.168.x.x and have the fbsd boxen forward all
> connections to "public_ip" to the windows box via natd. Does this seem
> like a good plan? Or anyone know of another better way to do this?
>
> --------------
> Innovation is hard to schedule.
> -- Dan Fylstra
>
> ---FreeBSD The Power To Serve---
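
The natd option discussed in this thread, sketched as configuration. This is an added example, not part of either poster's message, and it covers only the natd variant, not the bridge. The interface names (fxp0 outside, fxp1 inside), the internal address 192.168.1.10, and the file path /etc/ipfw.rules are assumptions chosen for illustration.

```conf
# ---- /etc/rc.conf (assumes a kernel with ipfw and divert support) ----
gateway_enable="YES"               # forward packets between fxp0 and fxp1
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"    # rules file below, fed to ipfw at boot
natd_enable="YES"
natd_interface="fxp0"              # outside interface (assumed name)
natd_flags="-f /etc/natd.conf"

# ---- /etc/natd.conf ----
# Forward TCP port 80 on the firewall's public address to the IIS box.
# 192.168.1.10 is a constructed address for the internal server.
redirect_port tcp 192.168.1.10:80 80

# ---- /etc/ipfw.rules (stateless, default deny) ----
# Loopback traffic is always allowed.
add 100 allow ip from any to any via lo0

# Everything crossing the outside interface goes through natd first.
# Inbound: destination is rewritten to 192.168.1.10 before rule 300.
# Outbound: source is rewritten to the public address before rule 320.
add 200 divert natd ip from any to any via fxp0

# Requests to the web server, seen after translation on fxp0 and again
# when they leave on fxp1.
add 300 allow tcp from any to 192.168.1.10 80

# Replies from the web server arriving on the inside interface.
add 310 allow tcp from 192.168.1.10 80 to any in via fxp1 established

# The same replies leaving on fxp0, after natd has rewritten the source
# to the firewall's own address.
add 320 allow tcp from me 80 to any out via fxp0 established

# Nothing else reaches or leaves the internal network.
add 65000 deny ip from any to any
```

The rules are written stateless on purpose: natd rewrites addresses between the two passes a reply makes through ipfw, so a keep-state entry created for the translated flow would not match the reply once it has been rewritten on the way out.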