A routing/IP/NIC query < Expert required

Han Hwei Woo hhwoo at argosy.ca
Sat Jun 28 15:52:38 PDT 2003


Sorry, some of the things you said were kind of confusing.

1) Do your xxx.xxx.xxx.* IPs = 10.0.0.*? If not, why bother with the
10.0.0.* IPs?
2) I think you are just setting up a typical NAT configuration, but correct
me if I'm wrong.
3) What do you mean by "2 ip live servers inside the firewall" exactly? If
you mean you have, for example, a webserver and an ftp server on
non-routable IPs on your internal network, you can simply set up ipnat rules
to direct them to the right place based on the port. For example:

map fxp0 xxx.xxx.xxx.0/24 -> 0/32
rdr fxp0 yyy.yyy.yyy.yyy/32 port 80 -> xxx.xxx.xxx.www port 80
rdr fxp0 yyy.yyy.yyy.yyy/32 port 21 -> xxx.xxx.xxx.ftp port 21

In any event, additional internal IP aliases on your internal interface will
not help you to uniquely identify incoming connections for more than 1
server.




----- Original Message ----- 
From: "Keith Spencer" <bsd2000au at yahoo.com.au>
To: <freebsd-questions at freebsd.org>
Sent: Saturday, June 28, 2003 7:25 PM
Subject: A routing/IP/NIC query < Expert required


> Hi all,
> I have a new adsl isp allocating my fbsd 4.7 box a
> routable IP (end user ip)
> I have 32 (read that as 30) ips of my own to use and
> route for my domain.
> I have 2 NICs in the gateway/router
> How should I setup the IPs and aliases etc. I
> figure...
> (yyy.yyy.yyy.yyy = ISP end user ip they gave me)
> (xxx.xxx.xxx.xx1 = 1st usable ip in my 32 ip range)
> (xxx.xxx.xxx.xx2 = 2nd usable ip in my 32 ip range)
>
>          GATEWAY MACHINE
>
>             ADSL MODEM
>                |
>      |---------|--------|
>      |  yyy.yyy.yyy.yyy |
>      |  xxx.xxx.xxx.xx1 |
>      |         |        |
>      |       fxp0 NIC   |
>      |                  |
>      |                  |
>      |       dc0 NIC    |
>      |         |        |
>      |       10.0.0.1   |
>      |                  |
>      |__________________|
>
> Or do I also need an xxx.xxx.xxx.xx3 alias on the dc0
>  because I have 2 ip live servers inside the firewall.
> I think I do! Am I right or am I right?
> I have ipfilter on this machine with ipnat set up to nat
> the 10.0.0.0 addresses.
> Also, I suppose I could set up ipnat to do mapping of
> xxx.xxx.xxx.xxn addresses into 10.0.0.n private
> address.
> what say you?
> Thanks
> Keith


