On Mon, 30 Apr 2001, John Wilson wrote:
> > /---------------------\
> > | router 90.91.92.1 |
> > \---------------------/
> > |
> > |
> > /---------------------\ /---------------------\
> > | fxp0 90.91.92.2/30 |---| fxp1 90.91.92.?/? |
> > \---------------------/ \---------------------/
> > -| | |-----------
> > | | |
> > /-------\ /-------\ /-------\
> > | NAT 1 | | NAT 2 | | DMZ |
> > \-------/ \-------/ \-------/
> >
> > All I gotta do is fill in the missing blanks :)
>
>
> fxp1= 90.91.92.17 netmask 255.255.255.240
>
> All DMZ machines (90.91.92.18 -> 90.91.92.30) are set up with the
> same netmask (255.255.255.240) and point to .17 as their gateway.
>
>
> Sounds good! Do I need to do anything special on the router?
Route the network: 90.91.92.16/28 to your BSD machine: 90.91.92.2
Also, make sure that the router Ethernet interface has a .252
subnet mask or you will have problems.
>
> As a side question, do you think a single 600MHz P3 w/128Mb RAM (and
> not too many firewall rules) can handle ~100 NAT clients?
Depends on what they are doing...but it should be sufficient.
On another side note, I would seriously look at splitting off your
DMZ to another network...but, of course, it's your ass not mine.
Nick Rogness <[EMAIL PROTECTED]>
- Keep on Routing in a Free World...
"FreeBSD: The Power to Serve!"
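
The addressing plan from this thread, checked with Python's `ipaddress` module. This is an added example, not part of the original message. The function names are illustrative, all addresses come from the thread, and the 255.255.255.0 case is a constructed misconfiguration showing how a wider mask on the router overlaps the routed DMZ block.

```python
import ipaddress as ip

# Addresses taken from the thread.
ROUTER = ip.ip_address("90.91.92.1")
BSD_OUTSIDE = ip.ip_interface("90.91.92.2/30")             # fxp0
BSD_DMZ = ip.ip_interface("90.91.92.17/255.255.255.240")   # fxp1
DMZ_ROUTE = ip.ip_network("90.91.92.16/28")                # static route on the router


def check_plan(router_mask):
    """Return a list of problems with the plan for a given router netmask."""
    problems = []
    router_if = ip.ip_interface(f"{ROUTER}/{router_mask}")
    link = BSD_OUTSIDE.network

    # Both ends of the router <-> fxp0 link must agree on the subnet.
    if router_if.network != link:
        problems.append(f"router sees {router_if.network}, fxp0 sees {link}")
    # The static route's next hop must be directly reachable by the router.
    if BSD_OUTSIDE.ip not in router_if.network:
        problems.append(f"next hop {BSD_OUTSIDE.ip} is not on the router's link")
    # The routed block must be exactly the network configured on fxp1.
    if BSD_DMZ.network != DMZ_ROUTE:
        problems.append(f"route {DMZ_ROUTE} != fxp1 net {BSD_DMZ.network}")
    # The router's connected network must not cover the DMZ block.
    if router_if.network.overlaps(DMZ_ROUTE):
        problems.append(f"{router_if.network} overlaps routed DMZ {DMZ_ROUTE}")
    return problems


def dmz_hosts():
    """Usable DMZ addresses, excluding the fxp1 gateway (.17)."""
    return [h for h in BSD_DMZ.network.hosts() if h != BSD_DMZ.ip]


if __name__ == "__main__":
    for mask in ("255.255.255.252", "255.255.255.0"):
        issues = check_plan(mask)
        print(mask, "->", issues or "plan is consistent")
    hosts = dmz_hosts()
    print(f"DMZ hosts: {hosts[0]} .. {hosts[-1]} ({len(hosts)} addresses)")
```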