NAT, VPN and other SOHO router advice
Chuck Swiger
cswiger at mac.com
Fri Apr 7 16:56:07 UTC 2006
Nick Stenning wrote:
>> Given what you've said, you should set up the FreeBSD machine as a bridge
>> rather than a router.
>
> Having now read the manpage for bridge(4) and if_bridge(4), I am not
> certain that this is going to achieve what I want to achieve. I'm told
> by the FreeBSD HB that "The consensus is that assigning both cards an
> address is a bad idea."
>
> Since I want rl1 to have a public IP block and rl0 to have a private
> IP, I assume this isn't going to work. So, router it is.
In which case, your Vigor 2600's internal interface and your FreeBSD box
would need to be using public IPs, which means you can't use the Vigor to do
the NAT and VPN, which was also something you wanted.
> Now, for this VPN. I reckon my best bet is to run the PPTP client from
> the BSD box, no?
Yes. Have your ISP set up the Vigor's internal interface with a /30 subnet,
or however many public IP's you've got, and then set up OpenVPN on the
FreeBSD box, or whatever other VPN/PPTP software you'd like...
--
-Chuck
More information about the freebsd-questions
mailing list