From owner-freebsd-questions Mon Feb 3 14:58:28 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 19E2837B401
    for ; Mon, 3 Feb 2003 14:58:27 -0800 (PST)
Received: from mx20a.rmci.net (mx20a.rmci.net [205.162.184.37])
    by mx1.FreeBSD.org (Postfix) with SMTP id 9927E43F75
    for ; Mon, 3 Feb 2003 14:58:25 -0800 (PST)
    (envelope-from massey@rmci.net)
Received: (qmail 22151 invoked from network); 3 Feb 2003 22:58:24 -0000
Received: from webmaila.rmci.net (HELO rmci.net) (205.162.184.92)
    by mx20.rmci.net with SMTP; 3 Feb 2003 22:58:24 -0000
Received: from 216.222.104.2 (proxying for unknown)
    (SquirrelMail authenticated user massey@rmci.net)
    by webmail.velocitus.net with HTTP; Mon, 3 Feb 2003 15:58:24 -0700 (MST)
Message-ID: <3593.216.222.104.2.1044313104.squirrel@webmail.velocitus.net>
Date: Mon, 3 Feb 2003 15:58:24 -0700 (MST)
Subject: Re: FBSD firewall in front of windows IIS servers HOW
From:
To:
In-Reply-To: <20030203144706.H93792-100000@cypress.adhesivemedia.com>
References: <20030203152311.7af897d4.fbsdq@kuyarov.org>
    <20030203144706.H93792-100000@cypress.adhesivemedia.com>
X-Priority: 3
Importance: Normal
X-MSMail-Priority: Normal
Reply-To: massey@rmci.net
X-Mailer: SquirrelMail (version 1.2.7)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

I use NATD; see http://www.freebsddiary.org/ipfw.php

M

> You could do natd it or use a bridged firewall so to everyone else it
> would appear that the Windows box is on the net. The other nice thing
> about the bridge is that you can set it up so that it doesn't have an IP
> address at all... which makes it pretty hard to break into :)
>
> Sometimes that can get around some of the issues with self-referencing
> URLs (whether they are private or public) that happen with natd and
> proxy servers...
>
> On Mon, 3 Feb 2003, Peter wrote:
>
>> Hello,
>> Just wondering what would be the best way to do this...
>>
>>
>> INTERNET----FBSD FIREWALL----WINDOWS IIS SERVER
>>
>>
>> Basically what would be the best way to have freebsd accept incoming
>> connections, run them thru the firewall, and all the packets that pass
>> forward them to internal windows machines. I don't want the windows
>> boxen directly on the net, I want to put a FBSD firewall in front of
>> them, and so far the best option I've found on how to do this is to
>> have the windows boxen be 192.168.x.x and have the fbsd boxen forward
>> all connections to "public_ip" to the windows box via natd. Does this
>> seem like a good plan? Or anyone know of another better way to do
>> this?
>>
>> --------------
>> Innovation is hard to schedule.
>> -- Dan Fylstra
>>
>> ---FreeBSD The Power To Serve---
>>
>> To Unsubscribe: send mail to majordomo@FreeBSD.org
>> with "unsubscribe freebsd-questions" in the body of the message
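
The natd plan discussed in this thread (IIS on a 192.168.x.x address, the FreeBSD box forwarding the public ports to it), sketched as an added example that is not part of any poster's message. The function names, interface names (`fxp0`, `fxp1`), the server address and the rule numbers are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints natd.conf and an ipfw rule file for
#   INTERNET -- FreeBSD firewall (natd) -- IIS server on a private address.
# Interface names, addresses and rule numbers are constructed sample values.

# Loose textual check for RFC 1918 space (10/8, 172.16/12, 192.168/16).
is_private() {
    case "$1" in
        10.*.*.*|192.168.*.*|172.1[6-9].*.*|172.2[0-9].*.*|172.3[01].*.*) return 0 ;;
    esac
    return 1
}

# check_args SERVER PORT...: validate everything before any output is printed.
check_args() {
    is_private "$1" || { echo "server must be a private address" >&2; return 1; }
    shift
    [ $# -gt 0 ] || { echo "no ports given" >&2; return 1; }
    for p in "$@"; do
        case "$p" in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
}

# natd_conf EXT_IF SERVER PORT...: natd.conf with one static redirect per port.
natd_conf() {
    ext=$1; srv=$2; shift 2
    check_args "$srv" "$@" || return 1
    echo "interface $ext"
    for p in "$@"; do echo "redirect_port tcp $srv:$p $p"; done
}

# ipfw_rules EXT_IF INT_IF SERVER PORT...: rule list in ipfw file format.
# Packets continue after the divert rule with the destination already
# rewritten to SERVER, so the allow rules name the private address.
ipfw_rules() {
    ext=$1; int=$2; srv=$3; shift 3
    check_args "$srv" "$@" || return 1
    echo "add 100 allow ip from any to any via lo0"
    echo "add 200 divert natd ip from any to any via $ext"
    n=300
    for p in "$@"; do
        echo "add $n allow tcp from any to $srv $p in via $ext setup"
        n=$((n + 10))
    done
    echo "add 500 allow tcp from any to any established"
    echo "add 600 allow ip from any to any via $int"
    echo "add 65000 deny log ip from any to any"
}
```

The first output is what `natd -f /etc/natd.conf` reads, and the second loads with `ipfw /path/to/rules`. As written the rules admit only the redirected ports from the Internet and drop connections the server itself initiates outward.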