Routing problem.. cisco -->fbsd-->Lan Experts??

keith at smmc.qld.edu.au keith at smmc.qld.edu.au
Fri Jul 11 21:03:14 PDT 2003


Hi and thanks,
Cool! I am OK with the fbsd stuff, ipfilter, ipnat etc. I agree it is nice.
The small matter of the cisco thing...hmmm!
OK...so would it be OK to ask another question or 2 later if today is bad?
I need to know how to "bridge" the /29 on the cisco.
Does it mean I simply install static routing on the cisco by doing
something like...

ip classless (default)
ip route 203.44.288.0 255.255.255.248 ethernet0 10.0.0.2
no ip http server (default)

(NOTE: 10.0.0.2 is the ip of the fbsd box, 10.0.0.1 is the ethernet0 ip of
cisco router)


I have read the cisco docs but they are a slightly foreign language to me.
I would greatly appreciate it. My balls are now on the line here. I should
never volunteer to help!?
Am I close?
Keith



> keith at smmc.qld.edu.au wrote:
>
>>I have a friend with a cisco 827 adsl router. It has config hassles but
>> when that is sorted, we need to setup a freebsd box inside the cisco
>> router to handle a /29 block of ips. 3 questions...
>>
> I'm running an identical setup here - a Cisco 827, a /29, and a FreeBSD
> machine (or two) performing NAT for my LAN.
>
>>a) Should I assume the cisco is not the world's greatest firewall and
>> setup the freebsd machine as one (creating a dmz)?
>>
> The Cisco will be "adequate," but I prefer the ease of use and added
> functions of a FreeBSD machine running IP Filter/IPNAT, but that's just me.
>
>>b) The /29 block is routed by the ISP to the cisco device. I guess we
>> need to place a static route on the cisco gadget that directs any of
>> the incoming /29 block request onto the freebsd box...Correct?
>>
> I have my 827 set up as a very basic bridge. This means that instead of
> the /29 "terminating," so to speak, on the 827, each of my allocated IP
> addresses is available directly on an ethernet interface on one of two
> FreeBSD machines.
>
> As a partial answer to part C, if you bridge the /29 to the FreeBSD
> machine, you can easily configure IPF and IPNAT to port-forward to
> various internet servers as required. Personally, the machine I have
> performing NAT (with my /29 on one interface and a private /24 on the
> other) for my internal network also runs various services. It's not an
> ideal setup, but it is functional and easy to maintain.
>
> Sorry I can't answer the rest of your questions, my brain is still
> enjoying the aftereffects of a big Friday night :)
>
> --Steven