Date: Sat, 29 Jan 2000 22:32:46 -0800 (PST)
From: William Woods <freebsd@cybcon.com>
To: Coleman Kane <cokane@one.net>
Cc: freebsd-stable@FreeBSD.ORG, Doug White <dwhite@resnet.uoregon.edu>
Subject: Re: FW: DSL natd rules....
Message-ID: <XFMail.000129223246.freebsd@cybcon.com>
In-Reply-To: <20000130012354.A86581@evil.2y.net>

Well, USWEST says the 675 needs to be in PPP mode and not bridged. I have the
675's manuals and have been reading them. Like I said, I have NAT from the 675
to the router/gateway (Not running a server) and on the gateway/router I am
using ipfw and natd to the internal LAN.

Is this not a viable solution?

On 30-Jan-00 Coleman Kane wrote:
> Doug White had the audacity to say:
>> On Sat, 29 Jan 2000, William Woods wrote:
>>
>> > Hmmm....
>> >
>> > Well I was planning on running NAT from the cisco to the FreeBSD
>> > router/gateway/firewall and then NATD on the router gateway to deliver
>> > to the rest of the LAN. This is a bad thing I take it?
>>
>> 1) The extra overhead of double-processing packets
>> 2) Setting up static NAT or redirected ports becomes a nightmare
>> 3) You're limited by what the DSL modem can NAT; at least on FreeBSD you
>>    have the source to hack :)
>>
>
> 1) depending on the speed of your DSL connection (I am guessing it's 1Mb at
>    most), the overhead will be negligible, as long as the NAT box is properly
>    outfitted for its purpose. I am guessing that you already planned for it.
> 2) This isn't necessarily a 'nightmare' as long as you are using the right
>    tools there isn't really that much trouble. Most protocols don't even need
>    static mappings now. If you are planning on running a server, why not use
>    a box outside of the firewall, and map with the cisco. Opening holes in
>    your firewall is a security risk almost as bad as not having one at all.
> 3) If you are using a cisco 675, you can get the manuals off cisco's website.
>    Since you are actually using one IP from the router, the cisco 675 can be
>    used in bridging mode rather than routing mode. Basically you can route
>    all traffic to the router directly to the firewall. You should be careful
>    to use the serial management cable in case you can't access the cisco
>    after this. The cisco 675's are rather versatile routers that have a lot
>    of functionality internally. Go to cisco's site and read the CBOS manual
>    to learn how to configure it.
>
>> > What would you recommend doing to get around this?
>>
>> Finding an ISP in your area that does bridged, or dropping NAT from the
>> BSD box and letting the router take care of that.
>>
>
> In my experiences and knowledge, the phone company's network does a lot of
> the NAT and everything. Somewhere along the line your final output IP is
> bridged with the ISP's IP to give to you. The NAT and routing is typically
> internal in the phone company.
>
>> I have a bridged DSL connection so I don't have this problem :)
>>
>> Doug White                    |  FreeBSD: The Power to Serve
>> dwhite@resnet.uoregon.edu     |  www.FreeBSD.org
>>
>
> --cokane

----------------------------------
E-Mail: William Woods <freebsd@cybcon.com>
Date: 29-Jan-00
Time: 22:30:44

This message was sent by XFMail
----------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message