"Jonas Sonntag" <[EMAIL PROTECTED]> writes: > so...is it possible this way, or would it be far smarter to plug a third nic > into the fbsd box only for bridging ? > > thanks for any advice
I don't know if it's possible that way; I'm no expert. But I've read that it's foolish to put a public server (especially one with "soft" in it's name) on the same side of your firewall as your private hosts. You're supposed to assume that it will be cracked and treat it with as much fear as any other host on the Internet. The down side is that after you add the third NIC, you'll need to create two, or probably three, sets of firewall rules (LAN-Inet, DMZ-Inet, probably LAN-DMZ). (I once did it with all public IP addresses and routing, but it should be easier with NAT. I wish I had tried it with bridging; it was easy for a two-legged case, but I don't know for the three-legged case. I suspect I could have avoided my many routing problems (my 3-bit subnet could only support two subsubnets while three were "required").) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message
