> [EMAIL PROTECTED] wrote:
>> Following is my configuration.
>>
>> External Interface------->Internal Interface--------> Rest of network
>> 1.2.3.4/24               10.129.10.40/24
>> 1.2.3.5/32 Alias
>>
>> 1.2.3.5/24 is the IP address all http traffic will come in on. 1.2.3.4/32
>> is the IP address all other traffic will come in on. Both of these
>> addresses reside on a single NIC with 1.2.3.5 being an alias.
>>
>> ipnat.rules
>> rdr 1.2.3.5/32 port 80 -> 10.129.10.49 port 80
>> map em1 10.129.10.0/24 -> 0.0.0.0/32
>>
>> 10.129.10.49 has 10.129.10.40 (my firewall) listed as its default
>> gateway.
>> When it responds to a request that has been forwarded, how will the
>> firewall return the response? Will it return the request on 1.2.3.5?
>>
> I think you should specify the interface and protocol as well, e.g.
> rdr xl0 1.2.3.5/32 port 80 -> 10.129.10.49 port 80 tcp
>
> The response will have 1.2.3.5 as source-address, the nat software
> remembers that the translation/mapping was done on 1.2.3.5.
>
> I guess you have already added
> gateway_enable="YES"
> to the file /etc/rc.conf
>
> However, it's very bad to let people in to your protected network, if
> they can fool your webserver they have control over an internal machine.
> If the 10.129.10.0/24 is a DMZ, used only for web/mail etc this is of
> course okay to do.
>

Thank you for the explanation. I thought that was how it worked, but was
not sure. Yes, the server in question is only used as a web server.
Thanks again for the explanation.

Jay
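
The address rewriting discussed in this thread, as an added example that is not part of the original messages and not IPFilter's own code: a toy Python model of the `rdr` state lookup and the `map` fallback. The `Packet` and `Nat` names, the client addresses, and the choice of 1.2.3.4 as the address `0.0.0.0/32` resolves to are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

# Rules from the thread, reduced to data (toy model, not IPFilter's code).
RDR = {("1.2.3.5", 80): ("10.129.10.49", 80)}     # rdr ... port 80 -> ... port 80 tcp
MAP_NET = ipaddress.ip_network("10.129.10.0/24")  # map em1 10.129.10.0/24 -> 0.0.0.0/32
IFACE_ADDR = "1.2.3.4"  # assumption: 0.0.0.0/32 resolves to the NIC's primary address

class Nat:
    def __init__(self):
        # (client, cport, inside host, inside port) -> original public (addr, port)
        self.rdr_state = {}

    def inbound(self, p):
        """Packet arriving on the external interface."""
        target = RDR.get((p.dst, p.dport))
        if target is None:
            return p                      # no rdr rule matches: left untouched
        self.rdr_state[(p.src, p.sport, *target)] = (p.dst, p.dport)
        return p._replace(dst=target[0], dport=target[1])

    def outbound(self, p):
        """Packet leaving through the external interface."""
        public = self.rdr_state.get((p.dst, p.dport, p.src, p.sport))
        if public:                        # reply on a redirected session
            return p._replace(src=public[0], sport=public[1])
        if ipaddress.ip_address(p.src) in MAP_NET:
            return p._replace(src=IFACE_ADDR)   # new connection: map rule
        return p

def demo():
    nat = Nat()
    # Constructed client address (documentation range), not from the thread.
    forwarded = nat.inbound(Packet("198.51.100.7", 40000, "1.2.3.5", 80))
    reply = nat.outbound(Packet("10.129.10.49", 80, "198.51.100.7", 40000))
    # A connection the web server opens itself has no rdr state.
    fresh = nat.outbound(Packet("10.129.10.49", 51000, "203.0.113.9", 53))
    return forwarded, reply, fresh

if __name__ == "__main__":
    for pkt in demo():
        print(pkt)
```

In this model only replies on a redirected session leave with 1.2.3.5 as source; a connection the web server initiates falls through to the `map` rule and leaves with the interface address, which is worth keeping in mind when writing egress filters or correlating firewall logs.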