Moving From NAT to Multiple IPs - Server Considerations

bsd at bathnetworks.com
Sat Jun 17 17:40:17 UTC 2006


> Hello,
>
> I've recently started to work from home so the limitations of one IP
> address are really starting to gripe me.
>
> I've asked my ISP to order me a block of 8 IPs. What considerations should I
> be looking at when managing the IP server address change?
>
> I'm not too concerned about the services going offline as they are not
> used for anything critical and in any case services such as SMTP and
> incoming e-mail have fail safes provided by my DNS provider.
>
> Do I need to install IPFirewall or will the server just close all the
> ports that it is not using and be fine and dandy that way? Any
> recommendations on good articles for installing IPFW? I've googled but I
> am looking for something which allows me to do the basics but also talks
> about the more advanced stuff such as blocking logins on SSH after x
> attempts.
>
> How do I manage the change from NAT to multi IPs? Does the server still
> get given an internal IP address on the LAN and then the router redirects
> the external IP to that machine or does the machine have to be told that
> it is now listening on IPs x, y and z?
>
> Any help appreciated.
>
> Cheers
> Richard
>
>
> --
> Richard Collyer
> richard at firebadger.net

Hi Richard,

You have asked a number of questions in one here. There are a number of
ways to do what I think you are trying to do. The way I have my systems
set up is probably the simplest but it depends on what you want.

My setup is the modem (no NAT or firewall) on the 1st IP of the block (my
ISP calls this the gateway address); this connects to a switch. I have a
firewall/NAT/router (smoothwall) connected to the switch which does the
NATing etc. to my internal network. The servers (web, mail etc.) have 2
ethernet connections: the 1st is on the external switch with an external
IP and all the ports closed except those necessary for the function. The
2nd (if you like, the control connection) is on the internal network with
things like the ssh port open.

There are plenty of Howtos on IPF etc - just use Google. Also have a look
at the smoothwall site, IPcop is also good.

Hope this has given you some ideas. However, please remember anything
connected to an external IP does need a firewall.

Rob
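
The dual-homed layout described in the reply above, written out as an ipfw ruleset generator. This is an added example, not part of the original thread: the interface names (em0 external, em1 internal), the public ports (25 and 80) and the function name gen_rules are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emits an ipfw ruleset for a server with two NICs.
# Public services are reachable on the external NIC only; SSH is
# reachable on the internal (control) NIC only. Names are assumptions.

# gen_rules EXT_IF INT_IF "PUBLIC_TCP_PORTS"
gen_rules() {
    ext_if=$1; int_if=$2; ports=$3
    cmd="ipfw -q add"

    echo "ipfw -q -f flush"
    # Loopback traffic is always allowed.
    echo "$cmd 100 allow ip from any to any via lo0"
    # Match packets belonging to connections already accepted below.
    echo "$cmd 200 check-state"
    # Connections the server itself opens (DNS lookups, mail delivery).
    echo "$cmd 300 allow tcp from me to any setup keep-state"
    echo "$cmd 310 allow udp from me to any keep-state"
    # ICMP unreachable / time-exceeded, needed for path MTU discovery.
    echo "$cmd 320 allow icmp from any to me icmptypes 3,11"
    # Control connection: SSH is accepted on the internal NIC only.
    echo "$cmd 400 allow tcp from any to me 22 in via $int_if setup keep-state"
    # Public services: one rule per port, external NIC only.
    n=500
    for p in $ports; do
        echo "$cmd $n allow tcp from any to me $p in via $ext_if setup keep-state"
        n=$((n + 10))
    done
    # Anything not matched above is logged and dropped.
    echo "$cmd 65000 deny log ip from any to any"
}

# Print the ruleset for a web + mail server so it can be reviewed first.
gen_rules em0 em1 "25 80"
```

The script only prints the commands; after checking them, pipe the output to sh as root on the FreeBSD host to load the rules.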



More information about the freebsd-questions mailing list