All,
I am trying to nail down the correct config for setting up DA with a firewall. I have read the MANY discussions in these forums and know that it will not work when you NAT the server to a private IP address. I saw in a couple of posts that you can use a pass-through to make this work.
I do not want to put my DA servers on the open internet, so using a firewall is a must. I'll try and explain what I am thinking and would appreciate any sanity checking people can come up with. If I can get this to work I'll be putting it all in a how-to to hopefully save some others the time.
Here is the environment:
1. The platform for DA is FreeBSD 5.3
2. The platform for the firewall is FreeBSD 5.3 with PF for the firewall
3. There are other servers that do not need to actually be on the open internet and could have the public address NATed to them.
4. There is some equipment such as console servers, network switch IPs etc. that will be on a private LAN.
I attached a jpg of the layout I was thinking about. If it does not show up it can be found here: http://www.enetx.net/eonline.jpg
The thing I'm trying to figure out is how to do the pass-through part for the IPs. I have always done it where you split the IP range into smaller subnets and put one subnet behind the firewall. I don't want to do this here because I will then lose half of the IPs I have. I also thought of doing a transparent bridge firewall, but that will increase the complexity a bit and I need to be able to VPN to the firewall to get access to the private subnets.
Is there anyone that has done this type of thing on FreeBSD before?
Or if anyone has a suggestion let me know. I think I may drop the private IPs for the non-DA machines and do the same thing with a pass-through for them as well.
Thanks for any input.
Sean
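Added example, not part of Sean's post: one way the "pass-through" he describes is usually built on FreeBSD PF, with the DA server keeping its public address and being routed (not NATed) through the firewall while the management LAN sits on private space behind NAT. Interface names, the addresses (documentation ranges stand in for the real block), DA's service ports and the VPN details are all assumptions; check them against a test box before trusting production to them.

```conf
# /etc/pf.conf  (hypothetical; FreeBSD 5.x-era pf syntax, so "keep state" is explicit)
#
# Routing prerequisites that live outside pf (assumed):
#   /etc/rc.conf: gateway_enable="YES"           # the firewall forwards packets
#   The DA server carries its public address on the inside segment and uses the
#   firewall's inside address as its default route. The firewall publishes a
#   proxy-ARP entry for that address on the outside wire, so the upstream router
#   keeps handing it the traffic without the /24 being split:
#     arp -s 203.0.113.10 <MAC of fxp0> pub
#     route add -host 203.0.113.10 -interface fxp1
#   The masks used on the inside segment depend on the layout; work them out on a
#   test box first. Everything below assumes those routes are in place.

ext_if   = "fxp0"                    # upstream link, assumed
dmz_if   = "fxp1"                    # segment holding the DA server, assumed
priv_if  = "fxp2"                    # private management LAN, assumed

da_srv   = "203.0.113.10"            # DA server's public address (documentation range)
da_ports = "{ 80, 443, 2222 }"       # assumed; trim to the services DA really exposes
admin_ip = "198.51.100.7"            # host you administer from, assumed
priv_net = "10.0.0.0/24"             # console servers, switches, non-DA boxes
vpn_net  = "10.0.1.0/24"             # addresses handed to VPN clients, assumed
web_pub  = "203.0.113.20"            # public IP for a non-DA server that may be NATed
web_priv = "10.0.0.20"               # its private address

set skip on lo0
scrub in all

# NAT applies only to the private LAN. The DA server never appears in a nat or
# rdr rule, which is the whole point of the pass-through.
nat on $ext_if from $priv_net to any -> ($ext_if)

# One non-DA server gets its public address redirected instead (item 3 in the post).
rdr on $ext_if proto tcp from any to $web_pub port 80 -> $web_priv port 80

block in log all
antispoof quick for $ext_if
antispoof quick for $dmz_if
antispoof quick for $priv_if

# Replies and the firewall's own traffic
pass out quick on $ext_if keep state
pass out quick on $dmz_if keep state
pass out quick on $priv_if keep state

# The DA segment must never reach the management LAN, even if the server is lost.
block in quick on $dmz_if from $da_srv to $priv_net

# DA server: public services from anywhere, SSH only from the admin host,
# and outbound from the server (updates, DNS, mail) allowed.
pass in on $ext_if proto tcp from any to $da_srv port $da_ports flags S/SA keep state
pass in on $ext_if proto tcp from $admin_ip to $da_srv port 22 flags S/SA keep state
pass in on $dmz_if from $da_srv to any keep state

# The redirected server: pf filters after translation, so match the private address.
pass in on $ext_if proto tcp from any to $web_priv port 80 flags S/SA keep state

# Management LAN may go out; nothing from outside reaches it except via the VPN.
pass in on $priv_if from $priv_net to any keep state

# VPN terminates on the firewall itself (IPsec assumed; adjust for the VPN used).
pass in on $ext_if proto udp from any to ($ext_if) port { 500, 4500 } keep state
pass in on $ext_if proto esp from any to ($ext_if)
# Where decrypted VPN traffic shows up to pf depends on the VPN implementation;
# this rule assumes it is seen on $ext_if with the client's VPN address as source.
pass in on $ext_if from $vpn_net to $priv_net keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading, then confirm from the DA server that outbound traffic leaves with its own public source address (a NATed server would show the firewall's address instead), and from an outside host that the service ports answer while the management LAN does not.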