Date: Mon, 30 Apr 2001 13:10:24 -0700 (PDT)
From: John Wilson <john_wilson100@excite.com>
To: Nick Rogness <nick@rogness.net>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: ipfw routing/netmask problem
Message-ID: <6458253.988661425565.JavaMail.imail@almond.excite.com>

On Mon, 30 Apr 2001 14:03:04 -0500 (CDT), Nick Rogness wrote:
> On Mon, 30 Apr 2001, John Wilson wrote:
>
> > This seems like a good solution.  Please help me figure out the
> > subnets/routes I need to use.  So far, I have this:
> >
> > /---------------------\
> > | router 90.91.92.1   |
> > \---------------------/
> >            |
> >            |
> > /---------------------\   /---------------------\
> > | fxp0 90.91.92.2/30  |---| fxp1 90.91.92.?/?   |
> > \---------------------/   \---------------------/
> >     -|         |              |-----------
> >      |         |              |
> >  /-------\ /-------\      /-------\
> >  | NAT 1 | | NAT 2 |      | DMZ   |
> >  \-------/ \-------/      \-------/
> >
> > All I gotta do is fill in the missing blanks :)
> >
>
> fxp1= 90.91.92.17 netmask 255.255.255.240
>
> All DMZ machines (90.91.92.18 -> 90.91.92.30) are set up with the
> same netmask (255.255.255.240) and point to .17 as their gateway.

Sounds good!  Do I need to do anything special on the router?

As a side question, do you think a single 600MHz P3 w/128Mb RAM (and not too
many firewall rules) can handle ~100 NAT clients?

Thanks

John

>
> I would, however, change your physical setup by splitting off your
> DMZ onto its own ethernet card and switch like so:
>
>     Public (Router)
>       |
>      fxp0
>       |
>      BSD --fxp2---DMZ
>       |
>      fxp1
>       |
>     Private Net
>      /    \
>    nat1   nat2
>
> It just makes more sense security-wise and makes administration a
> little less difficult.  It also gives you more options with
> firewalling and such.
>
>
> Nick Rogness <nick@rogness.net>
>  - Keep on Routing in a Free World...
>   "FreeBSD: The Power to Serve!"

_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
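
Added example, not part of the original message or written by either poster: a Python check of the addressing plan discussed in this thread, confirming that the /30 uplink on fxp0 and the 255.255.255.240 DMZ subnet on fxp1 do not overlap and that the DMZ host range is .18 through .30. The `PLAN` dictionary and the function names are assumptions made for illustration; the addresses are the ones quoted above.

```python
import ipaddress

# Addressing taken from the thread. fxp0 faces the router, fxp1 is the
# DMZ gateway. The dictionary layout is an assumption of this example.
PLAN = {
    "fxp0": "90.91.92.2/30",
    "fxp1": "90.91.92.17/255.255.255.240",
}
ROUTER = "90.91.92.1"


def overlaps(plan):
    """Return pairs of interface names whose subnets overlap."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def client_addresses(iface_cidr):
    """Usable host addresses on the subnet, excluding the gateway itself."""
    iface = ipaddress.ip_interface(iface_cidr)
    return [str(h) for h in iface.network.hosts() if h != iface.ip]


def on_link(addr, iface_cidr):
    """True if addr sits inside the subnet configured on the interface."""
    iface = ipaddress.ip_interface(iface_cidr)
    return ipaddress.ip_address(addr) in iface.network


def check_plan(plan, router):
    """Collect human-readable problems; an empty list means the plan is sane."""
    problems = [f"{a} and {b} overlap" for a, b in overlaps(plan)]
    if not on_link(router, plan["fxp0"]):
        problems.append(f"router {router} is not on the fxp0 subnet")
    if on_link(router, plan["fxp1"]):
        problems.append(f"router {router} falls inside the DMZ subnet")
    return problems


if __name__ == "__main__":
    dmz = client_addresses(PLAN["fxp1"])
    print("DMZ hosts:", dmz[0], "->", dmz[-1], f"({len(dmz)} addresses)")
    print("problems:", check_plan(PLAN, ROUTER) or "none")
```

A mask that is too wide on fxp1 (for example a /28 applied to an address inside the uplink's range) shows up as an overlap, which is the mistake that makes the firewall treat DMZ and uplink traffic as the same directly connected network.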