[EMAIL PROTECTED] wrote:
Following is my configuration.

External Interface------->Internal Interface--------> Rest of network
1.2.3.4/24                10.129.10.40/24
1.2.3.5/32 Alias

1.2.3.5/24 is the IP address all http traffic will come in on.  1.2.3.4/32
is the IP address all other traffic will come in on.  Both of these
addresses reside on a single NIC with 1.2.3.5 being an alias.

ipnat.rules
rdr 1.2.3.5/32 port 80 -> 10.129.10.49 port 80
map em1 10.129.10.0/24 -> 0.0.0.0/32

10.129.10.49 has 10.129.10.40 (my firewall) listed as its default gateway.
When it responds to a request that has been forwarded, how will the
firewall return the response?  Will it return the request on 1.2.3.5?

I think you should specify the interface and protocol as well, e.g.
rdr xl0 1.2.3.5/32 port 80 -> 10.129.10.49 port 80 tcp

The response will have 1.2.3.5 as source address; the NAT software remembers that the translation/mapping was done on 1.2.3.5.

I guess you have already added
gateway_enable="YES"
to the file /etc/rc.conf

However, it's very bad to let people in to your protected network: if they can fool your webserver they have control over an internal machine. If the 10.129.10.0/24 is a DMZ, used only for web/mail etc., this is of course okay to do.

--

Christer Hermansson
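An added illustration, not from the thread or from ipnat's source: a simplified model of the state handling Christer describes, showing why the reply from 10.129.10.49 leaves with 1.2.3.5 as its source while ordinary outbound traffic from the subnet gets the map address. The client address 203.0.113.7 is constructed; source-port rewriting of the map rule is ignored.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatBox:
    """Toy NAT state table modelling the two ipnat rules from the post."""
    def __init__(self):
        # rdr 1.2.3.5/32 port 80 -> 10.129.10.49 port 80 tcp
        self.rdr = {("tcp", "1.2.3.5", 80): ("10.129.10.49", 80)}
        # map em1 10.129.10.0/24 -> 0/32 : outbound traffic gets the interface's
        # primary address; source-port rewriting is ignored in this model.
        self.map_prefix = "10.129.10."
        self.ext_addr = "1.2.3.4"
        # translated flow -> (public address, public port) the client really used
        self.sessions = {}

    def inbound(self, p):
        """Packet arriving on the external interface (from the Internet)."""
        target = self.rdr.get((p.proto, p.dst, p.dport))
        if target is None:
            return p  # no rdr match: packet is for the firewall itself
        in_ip, in_port = target
        # Key the session on the flow as the internal host will see it, so the
        # reply can be matched without the server knowing about 1.2.3.5.
        self.sessions[(p.proto, in_ip, in_port, p.src, p.sport)] = (p.dst, p.dport)
        return replace(p, dst=in_ip, dport=in_port)

    def outbound(self, p):
        """Packet from the internal side, routed via the firewall (default gw)."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        if key in self.sessions:
            pub_ip, pub_port = self.sessions[key]
            return replace(p, src=pub_ip, sport=pub_port)  # reply leaves as 1.2.3.5
        if p.src.startswith(self.map_prefix):
            return replace(p, src=self.ext_addr)  # ordinary outbound: map rule
        return p


def trace_web_request(client="203.0.113.7", cport=40000):
    """Walk one HTTP request/response through the box; returns both translated packets."""
    box = NatBox()
    forwarded = box.inbound(Packet("tcp", client, cport, "1.2.3.5", 80))
    reply = box.outbound(Packet("tcp", forwarded.dst, forwarded.dport, client, cport))
    return forwarded, reply
```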



_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net