DMZ
Emre Bastuz
info at emre.de
Mon Apr 7 10:58:16 PDT 2003
Hi Dominic,
Zitat von "D.Pageau" <dpageau at infodev.ca>:
[...]
I believe the best way would be asking your ISP for another
/30 subnet and a static routing entry for 216.1.1.0/28
to the firewall side of the new point-to-point link.
You could then use the full /28 on your DMZ and the
additional IP on rl0 for NATing your RFC1918 address
space on rl2.
If it´s not possible to get another /30 you might configure
the 828 to have a point-to-point link using also private address
space (say 172.16.0.0/30) and still having a static routing entry
to the IP of rl0 on the 828.
Using private address space on PTP links sometimes leads to confusion
though, as this part of your connectivity will not show up on an external
(i.e. another ISP) traceroute.
It´s a question of taste i believe.
I´d prefer the first choice if possible (depends much on the "quality" of
your ISP).
Regards,
Emre
--
Emre Bastuz
info at emre.de http://www.emre.de
UIN: 561260 PGP Key ID: 0xAFAC77FD
More information about the freebsd-isp
mailing list