mail at chdevelopment.se
Sun Oct 14 14:28:40 PDT 2007
jhall at vandaliamo.net wrote:
> Following is my configuration.
> External Interface------->Internal Interface--------> Rest of network
> 126.96.36.199/24 10.129.10.40/24
> 188.8.131.52/32 Alias
> 184.108.40.206/24 is the IP address all http traffic will come in on. 220.127.116.11/32
> is the IP address all other traffic will come in on. Both of these
> addresses reside on a single NIC with 18.104.22.168 being an alias.
> rdr 22.214.171.124/32 port 80 -> 10.129.10.49 port 80
> map em1 10.129.10.0/24 -> 0.0.0.0/32
> 10.129.10.49 has 10.129.10.40 (my firewall) listed as its default gateway.
> When it responds to a request that has been forwarded, how will the
> firewall return the response? Will it return the request on 126.96.36.199?
I think you should specify the interface and protocol as well, e.g.
rdr xl0 188.8.131.52/32 port 80 -> 10.129.10.49 port 80 tcp
The response will have 184.108.40.206 as source address; the NAT software
remembers that the translation/mapping was done on 220.127.116.11.
I guess you have already added
to the file /etc/rc.conf
However, it's very bad to let people into your protected network; if
they can fool your webserver, they have control over an internal machine.
If the 10.129.10.0/24 is a DMZ, used only for web/mail etc., this is of
course okay to do.
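A minimal model of the state tracking described in the reply above, added here as an illustration (it is not code from the thread or from the NAT software). The 192.0.2.x and 198.51.100.x addresses and all class and function names are constructed for the example, and only the rdr rule is modelled, not the map rule.

```python
from dataclasses import dataclass

HTTP_ADDR = "192.0.2.10"    # constructed: external address that receives HTTP
ALIAS_ADDR = "192.0.2.11"   # constructed: alias address for all other traffic
WEB_SERVER = "10.129.10.49"  # internal web server named in the thread
CLIENT = "198.51.100.7"     # constructed: outside client


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class RdrTable:
    """Toy stateful redirect: one external addr:port -> one internal addr:port."""

    def __init__(self, ext_ip, ext_port, int_ip, int_port):
        self.rule = (ext_ip, ext_port, int_ip, int_port)
        # (client ip, client port, internal ip, internal port) -> original (dst ip, dst port)
        self.sessions = {}

    def inbound(self, pkt):
        ext_ip, ext_port, int_ip, int_port = self.rule
        if (pkt.dst, pkt.dport) != (ext_ip, ext_port):
            return None  # rule does not match, nothing is redirected
        # Remember which external address this session was redirected from.
        self.sessions[(pkt.src, pkt.sport, int_ip, int_port)] = (pkt.dst, pkt.dport)
        return Packet(pkt.src, pkt.sport, int_ip, int_port)

    def outbound(self, pkt):
        orig = self.sessions.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if orig is None:
            return None  # not a reply to a redirected session
        # Restore the address the client originally talked to as the source.
        return Packet(orig[0], orig[1], pkt.dst, pkt.dport)


def demo():
    nat = RdrTable(HTTP_ADDR, 80, WEB_SERVER, 80)
    forwarded = nat.inbound(Packet(CLIENT, 40000, HTTP_ADDR, 80))
    reply = Packet(forwarded.dst, forwarded.dport, forwarded.src, forwarded.sport)
    return nat, forwarded, nat.outbound(reply)


if __name__ == "__main__":
    _, fwd, out = demo()
    print("forwarded to server:", fwd)
    print("reply as seen by client:", out)
```
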