From owner-freebsd-questions  Tue Sep 15 17:11:19 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA13042
          for freebsd-questions-outgoing; Tue, 15 Sep 1998 17:11:19 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from resnet.uoregon.edu (resnet.uoregon.edu [128.223.144.32])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA12818
          for <freebsd-questions@FreeBSD.ORG>; Tue, 15 Sep 1998 17:10:02 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Received: from localhost (dwhite@localhost)
          by resnet.uoregon.edu (8.8.8/8.8.8) with ESMTP id RAA20515;
          Tue, 15 Sep 1998 17:09:30 -0700 (PDT)
          (envelope-from dwhite@resnet.uoregon.edu)
Date: Tue, 15 Sep 1998 17:09:29 -0700 (PDT)
From: Doug White <dwhite@resnet.uoregon.edu>
To: chas <panda@peace.com.my>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to use FBSD as a proxy between firewall and LAN. (or 
 shouldn't I ?)
In-Reply-To: <3.0.32.19980915230005.00d6dacc@mail.peace.com.my>
Message-ID: <Pine.BSF.4.03.9809151708560.19769-100000@resnet.uoregon.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Tue, 15 Sep 1998, chas wrote:

> Sorry to bother you all but having read the archives and the ORA
> firewall book, I'm still pretty clueless.
> 
> Trying to implement a firewall/network :
> 
>                                 |<--> Server Farm A
>                                 |
>                                 |<--> Server Farm B
> [INet]<--> Router <--> Firewall |
>                                 |<--> FBSD Proxy <-- LAN
>                                 |
>                                 |<--> free
> 
> The firewall is on a Sun box with a quad-NIC using commercial
> firewall software. The LAN has over 100 PCs.
> 
> Does it make sense to use a FreeBSD box as I have shown
> above to act as a Proxy (and also router) between the LAN
> and the Firewall ? Does this network layout make sense or
> have I lost the plot ? (not that I really understood it in
> the first place).

Looks OK to me.  

> To set up the FreeBSD proxy above, will it really require
> static routes for all the PCs between the LAN and the Firewall ?

No; run NATD on the FreeBSD box and you'll only need to allocate a single
IP to it.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message