On Mon, 30 Apr 2001 14:03:04 -0500 (CDT), Nick Rogness wrote:
> On Mon, 30 Apr 2001, John Wilson wrote:
> > This seems like a good solution. Please help me figure out the
> > subnets/routes I need to use. So far, I have this:
> >
> > /---------------------\
> > | router 90.91.92.1 |
> > \---------------------/
> > |
> > |
> > /---------------------\ /---------------------\
> > | fxp0 90.91.92.2/30 |---| fxp1 90.91.92.?/? |
> > \---------------------/ \---------------------/
> > -| | |-----------
> > | | |
> > /-------\ /-------\ /-------\
> > | NAT 1 | | NAT 2 | | DMZ |
> > \-------/ \-------/ \-------/
> >
> > All I gotta do is fill in the missing blanks :)
>
>
> fxp1= 90.91.92.17 netmask 255.255.255.240
>
> All DMZ machines (90.91.92.18 -> 90.91.92.30) are set up with the
> same netmask (255.255.255.240) and point to .17 as their gateway.

Sounds good! Do I need to do anything special on the router?

As a side question, do you think a single 600MHz P3 w/128Mb RAM (and not too
many firewall rules) can handle ~100 NAT clients?

Thanks
John

>
> I would, however, change your physical setup by splitting off your
> DMZ onto its own ethernet card and switch like so:
>
>         Public (Router)
>               |
>              fxp0
>               |
>              BSD --fxp2---DMZ
>               |
>              fxp1
>               |
>          Private Net
>            /     \
>         nat1     nat2
>
> It just makes more sense security wise and makes administration a
> little less difficult. It also gives you more options with
> firewalling and such.
>
>
> Nick Rogness <[EMAIL PROTECTED]>
> - Keep on Routing in a Free World...
> "FreeBSD: The Power to Serve!"
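Added example, not part of the original messages: a small Python check of the address plan discussed in the thread, confirming that 255.255.255.240 on 90.91.92.17 yields usable hosts .17 through .30 and that this subnet does not collide with the /30 link on fxp0. The router's /30 mask, the `PLAN` and `DMZ_HOSTS` names, and the `audit` helper are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_interface
from itertools import combinations

# Addresses from the thread. The router's /30 mask is an assumption
# (taken to match fxp0); fxp1 uses the address and netmask Nick gave.
PLAN = {
    "router": "90.91.92.1/30",
    "fxp0": "90.91.92.2/30",
    "fxp1": "90.91.92.17/255.255.255.240",
}
# Constructed host list covering the stated DMZ range .18 -> .30.
DMZ_HOSTS = [f"90.91.92.{n}" for n in range(18, 31)]

def usable_range(iface):
    """First and last assignable host address in the interface's subnet."""
    hosts = list(ip_interface(iface).network.hosts())
    return hosts[0], hosts[-1]

def audit(plan, dmz_hosts, gateway_if="fxp1"):
    """Return a list of problems in the plan; an empty list means consistent."""
    problems = []
    ifaces = {name: ip_interface(addr) for name, addr in plan.items()}
    # Different subnets must not overlap, or the route to a host is ambiguous.
    for a, b in combinations(sorted({i.network for i in ifaces.values()}), 2):
        if a.overlaps(b):
            problems.append(f"{a} overlaps {b}")
    # No interface may sit on its subnet's network or broadcast address.
    for name, i in ifaces.items():
        if i.ip in (i.network.network_address, i.network.broadcast_address):
            problems.append(f"{name} uses reserved address {i.ip}")
    gw = ifaces[gateway_if]
    taken = {i.ip: name for name, i in ifaces.items()}
    usable = set(gw.network.hosts())
    for host in map(ip_address, dmz_hosts):
        if host not in usable:
            problems.append(f"{host} is not a usable address in {gw.network}")
        elif host in taken:
            problems.append(f"{host} duplicates {taken[host]}")
    return problems

if __name__ == "__main__":
    first, last = usable_range(PLAN["fxp1"])
    print(f"fxp1 subnet usable hosts: {first} -> {last}")
    print(audit(PLAN, DMZ_HOSTS) or "plan is consistent")
```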