
[no subject]

Essentially I would like to bridge and route in one box, doing natd on the
routed net, using three cards, i.e.

     isdn                    firewall          
isp ------ Cisco804 -------- ed0 ed1 -------- intranet/non-private ip's
                      dmz      ed2
                                |  (natd)
                                +------------ intranet/private 10/8

I've got a 4 bit subnet from the isp that I want to split between the
segments attached to ed0 and ed1 as flexibly as possible so I would like
to bridge between ed0 (which I gather should be configured with an ip) and
ed1 (which should not have an ip). All possible and the function of a
bridging firewall.

Now, I would like to also have another private address segment which
utilizes natd and is able to talk to both the ed0 and ed1 side.

All the while being able to make use of ipfw's rules of course. 

Possible or out of the question?

My basic problem is deciding how to make the best use of the ip addresses
they are giving us. Currently we have 1 ip address and are using natd
over a dedicated dial up. Moving to a new provider and we're being given
15 addresses. Now I could keep my current intranet just as it is and
replace my ppp0 interface with an ed1 and use the ip addresses for
things in the dmz. So....

     isdn                    firewall          
isp ------ Cisco804 -------- ed0 ed1 -------- intranet/private ip's
                      dmz              natd

Just that I don't have a use currently for all of the ips in the dmz and
it's likely that I won't in the near future. I could split them in two but
that only leaves 6 addresses that could be used on the intranet and isn't
sufficient for the device count without having the mixed
private (natd'd) and non-private addresses.

Another alternative I've seen mentioned is to use a private network space
in the dmz and use all the rest on the intranet side but this doesn't seem
as flexible.

Thoughts, ideas or directions?


Darren Henderson                                  darren@xxxxxxxxxxxxx

                   Help fight junk e-mail, visit http://www.cauce.org/
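One way to write the ipfw side of the three-card layout in the post above, as an added example and not anything posted in the thread. The interface names (ed0, ed1, ed2) and the 10/8 private range come from the post; the public subnet 203.0.113.0/28, the box's own address 203.0.113.2 on ed0 and natd's default divert port 8668 are assumptions made for illustration. The point it shows is how to keep natd out of the bridged path: the outbound divert matches only routed packets from 10/8 leaving on ed0, and the inbound divert matches only packets addressed to the box's own address, so frames that are merely bridged between the ed0 and ed1 segments (any other public destination) are never handed to natd. The anti-spoofing rules make sure a 10/8 source or destination can only appear on ed2.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw ruleset for a box that
# bridges ed0<->ed1 (one public /28 across both) and routes + natd's a
# private 10/8 segment on ed2 behind ed0's address.
#
# Bridge and NAT plumbing assumed alongside this ruleset:
#   /etc/sysctl.conf (FreeBSD 4.x-era bridge knobs):
#     net.link.ether.bridge_cfg=ed0,ed1   # ed0 and ed1 form one segment
#     net.link.ether.bridge=1
#     net.link.ether.bridge_ipfw=1        # bridged frames are also filtered
#   /etc/rc.conf: gateway_enable="YES", natd_enable="YES", natd_interface="ed0"

EXT_IF="ed0"                  # public side, carries the box's address, bridged with ed1
BRIDGED_IF="ed1"              # second public segment, no address of its own
PRIV_IF="ed2"                 # private 10/8 segment, routed and natd'd
PUBLIC_NET="203.0.113.0/28"   # assumed 4-bit subnet from the ISP
EXT_ADDR="203.0.113.2"        # assumed address on ed0; natd translates to this
PRIV_NET="10.0.0.0/8"
NATD_PORT="8668"              # natd's default divert port

# Dry run by default: the rules are printed. Run with IPFW=/sbin/ipfw to load them.
IPFW="${IPFW:-echo}"

ipfw_ruleset() {
    $IPFW -f flush

    # Loopback, and nothing claiming 127/8 from the wire.
    $IPFW add 100 allow ip from any to any via lo0
    $IPFW add 110 deny ip from any to 127.0.0.0/8

    # Anti-spoofing: 10/8 belongs only on ed2, the public /28 never on ed2.
    # Packets arriving from outside with a 10/8 destination are bogus too;
    # natd-translated replies arrive addressed to EXT_ADDR, not to 10/8.
    $IPFW add 200 deny ip from $PRIV_NET to any in recv $EXT_IF
    $IPFW add 210 deny ip from $PRIV_NET to any in recv $BRIDGED_IF
    $IPFW add 220 deny ip from $PUBLIC_NET to any in recv $PRIV_IF
    $IPFW add 230 deny ip from any to $PRIV_NET in recv $EXT_IF
    $IPFW add 240 deny ip from any to $PRIV_NET in recv $BRIDGED_IF

    # NAT only the routed private traffic. Outbound: 10/8 sources leaving on
    # ed0. Inbound: only packets for the box's own address, so frames bridged
    # between ed0 and ed1 (other public destinations) never reach natd.
    $IPFW add 300 divert $NATD_PORT ip from $PRIV_NET to any out xmit $EXT_IF
    $IPFW add 310 divert $NATD_PORT ip from any to $EXT_ADDR in recv $EXT_IF

    # Private segment may initiate to both public segments and the ISP.
    # Return traffic has a 10/8 destination only after natd rewrote it
    # (rules 230/240 drop anything else with that destination from the wire).
    $IPFW add 400 allow ip from $PRIV_NET to any
    $IPFW add 410 allow tcp from any to any established
    $IPFW add 420 allow udp from any to $PRIV_NET

    # Public /28: the ed0 and ed1 segments talk to each other and to the ISP.
    # Tighten 510 to the services actually exposed in the dmz.
    $IPFW add 500 allow ip from $PUBLIC_NET to any
    $IPFW add 510 allow ip from any to $PUBLIC_NET

    # ICMP needed for path MTU discovery and diagnostics, then deny the rest.
    $IPFW add 600 allow icmp from any to any icmptypes 0,3,8,11
    $IPFW add 65000 deny log ip from any to any
}

ipfw_ruleset
```

Two caveats a practitioner should keep in mind with this layout: the FreeBSD 4 bridge code hands bridged frames to ipfw as input on the receiving interface only, so `out`/`xmit` rules never see them, which is why the outbound divert in rule 300 cannot accidentally catch ed1 traffic; and because natd runs before the `established` check, any rule that inspects addresses after the divert sees the translated (10/8) addresses, not the public one.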
