bypassing a proxy server

Matthew Seaman m.seaman at infracaninophile.co.uk
Mon Mar 15 06:51:12 PST 2004


On Mon, Mar 15, 2004 at 08:10:04PM +0100, Robert Storey wrote:

> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. If I simply stick a hub in front of the
> gateway machine, all traffic to the gateway will also be sent to the ftp
> server - I know that will cause packet collisions, but I can live with
> the crappy performance because it's a very low traffic environment. My
> main concern is simply how to assign an address to the ftp server
> without disconnecting the gateway machine.

As your school owns a /26 network (which gives you 62 usable host
addresses, plust the network and broadcast addresses) you can just
assign one of the unused static addresses to the FTP server.  It's as
simple as that.  As this machine is going to be visible on the
Internet, you should contact whoever runs the DNS for your network and
get the machine's hostname and IP number properly registered (ie. both
forward (A) and inverse (PTR) records).

You should setup the FTP server's static address by inserting the
correct data into /etc/rc.conf, rather than attempting to use
DHCP. You can probably extract the correct settings by running
ipconfig in a DOS shell on your Win2000 machine.  As a helpful hint:
the netmask for a /26 is 255.255.255.192 or 0xffffffc0, and the
broadcast address will end with either .63, .127, .191 or .255.
Getting a DHCP service out of the external side of your Windows
gateway machine should not be possible, for proper security.

Don't worry about the Hub being a performance bottleneck -- you'll
hardly notice it against the limitations of T1 bandwidth.  However, do
realise that your FTP server will be exposed to the Internet and some
care will need to be taken to make sure that it is properly secured.
(Running FreeBSD is a very good start in that direction).

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040315/981c5c48/attachment.bin


More information about the freebsd-questions mailing list