bypassing a proxy server

Toomas Aas toomas.aas at raad.tartu.ee
Mon Mar 15 08:09:46 PST 2004


Hi!

> Furthermore, I want the FreeBSD machine to run an anonymous ftp
> server. Forgive the crappy drawing (I never claimed to be an artist),
> but this is how the network looks at the moment (except that there
> are 10 Windows clients, not 2):
> 
> 
>                                          |-------|
>                                          |windows|
>            |------------|    |------|    |client |
>            |  Win2000   |    |      |----|-------|
>  T1--------|proxy server|----|switch|
>            | & gateway  |    |      |----|-------|
>            |------------|    |---|--|    |windows|
>                                  |       |client |
>                                  |       |-------|
>                                  |
>                            |-----|----|
>                            | FBSD ftp |
>                            |  server  |
>                            |----------|
> 
> OK, I'm convinced, running an ftp server from a NAT gateway is a
> disaster. So I'm looking for a way around it. I have an old unused hub,
> and I've been thinking that this might be a possible solution (sort of
> like a DMZ?)...
> 
>                                          |-------|
>                                          |windows|
>            |------------|    |------|    |client |
>            |  Win2000   |    |      |----|-------|
>  T1--HUB---|proxy server|----|switch|
>       |    | & gateway  |    |      |----|-------|
>       |    |------------|    |------|    |windows|
>       |                                  |client |
>       |                                  |-------|
>       |
>  |----|-----|
>  | FBSD ftp |
>  |  server  |
>  |----------|

Yes, with that kind of setup your FTP server is likely to be much
more accessible than with the previous one :-)

Assuming, of course, that the external interface of the Windows 2000 server
is Ethernet and there are no tricks like PPPoE involved.

> The only problem I see here is I don't know how I'm going to get an
> address for the ftp server. The Win2000 gateway has a static address, it
> dishes out addresses to the clients with dhcp. The NAT addresses are of
> course internal addresses like 10.0.0.12, but the school does own a
> block of 64 static addresses. 

Well, then you just need to ask your school's admin to give you one of 
those static (I assume you mean public?) addresses and assign it to 
your FreeBSD machine manually. 

> If I simply stick a hub in front of the gateway machine, all traffic
> to the gateway will also be sent to the ftp server - I know that will
> cause packet collisions, but I can live with the crappy performance
> because it's a very low traffic environment. My main concern is
> simply how to assign an address to the ftp server without
> disconnecting the gateway machine.

You just need to assign an address which is different from that of the 
public interface of the Windows server :-) Otherwise the Windows admin 
*will* come for your head :-)
--
Toomas Aas | toomas.aas at raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* I've got a life but it won't run on my operating system.


