Date:      Thu, 15 Jun 2000 23:26:05 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        Sean-Paul Rees <sean@seanrees.com>
Cc:        stable@FreeBSD.ORG
Subject:   Re: Advanced Router
Message-ID:  <Pine.BSF.4.21.0006152320500.12294-100000@resnet.uoregon.edu>
In-Reply-To: <20000614145219.A88415@seanrees.com>

On Wed, 14 Jun 2000, Sean-Paul Rees wrote:

> We want to put our media labs on private address space to conserve our
> routable address space. We also want a small firewall to filter out
> some of the garbage that goes through, and to block certain services
> from untrusted sources.
> 
> What I want to do is sit the FreeBSD box in the middle, so-to-speak.
> 
>                    [T1 - CRL]
>                        |
>                 [FreeBSD Router]
>         ___________|      |___________
>         |                            |
>   [ Our Servers ]             [ Media Labs NAT ] 
>    (x.x.x.x/24)                (192.168.0.0/24)

In this case I'd push the NAT to cover all the systems and extend the
private address space to cover everything.  Then use redirect_port and/or
redirect_address in the natd configuration to pipe through the services
from the servers to the outside world.  This buys you an implicit firewall
for your servers (==good). The QTS server will probably require
redirect_address so you may want to craft some firewall rules to protect
it individually.

This gets around the sticky broadcast problems you need for conventional
AppleShare (you really should use AppleShareIP, it's faster and much more
stable).

Also pick up a good extensible switch, like an HP ProCurve 4000M, and plug
everything into it.  80 ports for $1000 with rebate and is a fantastic
switch.

Do you have a T1/sync serial card that you're plugging the T1/CSU/DSU
through or do you have i.e. a Cisco 2600 that's taking care of that?

Doug White                    |  FreeBSD: The Power to Serve
dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
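
An added illustration, not part of the original message: a natd configuration and matching ipfw rules for the layout suggested above, with per-port redirects for ordinary servers and a full-address redirect for the streaming server that then gets its own filter rules. The interface name fxp0, all addresses (RFC 5737 documentation ranges and an assumed 192.168.1.0/24 server network), and the choice of TCP 554 as the streaming service port are assumptions.

```conf
# ---- /etc/natd.conf (constructed example) ----
# fxp0 is assumed to be the outside interface facing the T1.
interface fxp0
use_sockets yes
same_ports yes

# Publish individual services from a privately addressed server.
# Syntax: redirect_port proto targetIP:targetPORT aliasPORT
# Only the listed ports are reachable from outside; nothing else on
# 192.168.1.10 is exposed, which is the "implicit firewall" effect.
redirect_port tcp 192.168.1.10:80 80
redirect_port tcp 192.168.1.10:25 25

# Map one whole public address onto the streaming server.
# Syntax: redirect_address localIP publicIP
# Every packet sent to 198.51.100.20 is forwarded to 192.168.1.20, so
# NAT no longer filters anything for this host. The public address must
# be routed to, or aliased on, the outside interface.
redirect_address 192.168.1.20 198.51.100.20

# ---- /etc/ipfw.rules (constructed example; load with: ipfw /etc/ipfw.rules) ----
# Hand everything crossing the outside interface to natd.
add 100 divert natd ip from any to any via fxp0

# Packets re-enter the ruleset after translation, so inbound traffic for
# the redirect_address host now carries its private destination address.
# Allow new connections only to the assumed service port, allow packets
# of already-established TCP connections, and drop the rest.
add 200 allow tcp from any to 192.168.1.20 554 in via fxp0 setup
add 210 allow tcp from any to 192.168.1.20 in via fxp0 established
add 220 deny ip from any to 192.168.1.20 in via fxp0

# Permissive catch-all so this fragment stands alone; a production
# ruleset would be tighter here.
add 65000 allow ip from any to any
```

Any additional ports the streaming service needs (UDP media ports, for example) require their own allow rules ahead of rule 220.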


