Multiple_External_IPs+IPFW+arp_proxy+Dummynet+natd_etc

Jose Hidalgo Herrera jose at hostarica.com
Wed Jun 16 19:58:56 GMT 2004 

On Wed, 2004-06-16 at 06:42, Fangorn wrote:

> Hello!
> 
> FreeBSD 5.2.1, IPFW(2 of course), 1 ext_if, 2 int_ifs, P200MMX, 96MB,
> HDD 2GB
> I have recently set up a router serving and shaping a small network
> +/-20 clients (mostly wireless, but that's not important, as the AP does
> the job).
> 
> I do a static ARP, I have quite a simple firewall, of course natd is up
> and running fine. Some pipes and queues pretend to share the traffic
> fairly :). Now my concern is:
> 
> 1. What is the best way to assign an external IP (I have 4 available) to
> a LAN client machine?
> 2. How (if at all) it affects traffic shaping?


you can: 
    1) use the other interface for the DMZ ( but you lose 1 ip for the
router's interface)
    2) forward traffic sent to the public ips to private ips
        ej. 
            ipfw add fwd privateip,80 tcp from any to publicip 80 setup
keep-state

You have the same bandwidth, unless you buy more!


> 
> I would be greatful for a bunch of ideas and eternally greatful for
> examples of working scripts/firewall rules etc. 
> 
> Disclaimer: Yes, I did a google research, and found nothing that would
> cover the afformentioned problem. :-) At least nothing else than 'Well,
> you might try this ports thingy, but I don't really know if it helps.'
> ;-D
> 
> PS: (or BTW) Maybe someone also has a solution to a problem of sharing
> two external connections in a reasonable way in such a network? Of
> course load-balancing would be desirable, but any working examples are
> welcome.
> 
> Thank You for Your patience.


--
Hi! I'm a .signature virus! 
Copy me into your ~/.signature to help me spread!

Jose Hidalgo
PGP: 15524480
jose at hostarica.com

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-ipfw/attachments/20040616/a1075ff7/attachment.bin

More information about the freebsd-ipfw mailing list