[EMAIL PROTECTED] wrote:

I have a friend with a Cisco 827 ADSL router. It has config hassles but
when that is sorted, we need to set up a FreeBSD box inside the Cisco
router to handle a /29 block of IPs. 3 questions...

I'm running an identical setup here - a Cisco 827, a /29, and a FreeBSD machine (or two) performing NAT for my LAN.

a) Should I assume the Cisco is not the world's greatest firewall and set up
the FreeBSD machine as one (creating a DMZ)?

The Cisco will be "adequate," but I prefer the ease of use and added functions of a FreeBSD machine running IP Filter/IPNAT, but that's just me.

b) The /29 block is routed by the ISP to the Cisco device. I guess we
need to place a static route on the Cisco gadget that directs any of the
incoming /29 block requests onto the FreeBSD box... Correct?

I have my 827 set up as a very basic bridge. This means that instead of the /29 "terminating," so to speak, on the 827, each of my allocated IP addresses is available directly on an Ethernet interface on one of two FreeBSD machines.

As a partial answer to part C, if you bridge the /29 to the FreeBSD machine, you can easily configure IPF and IPNAT to port-forward to various internet servers as required. Personally, the machine I have performing NAT (with my /29 on one interface and a private /24 on the other) for my internal network also runs various services. It's not an ideal setup, but it is functional and easy to maintain.

Sorry I can't answer the rest of your questions, my brain is still enjoying the aftereffects of a big Friday night :)

--Steven

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
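
An added example, not part of Steven's message: a minimal IP Filter/IPNAT rule set for the layout he describes (bridged /29 on one interface, private /24 on the other, one port-forward). The interface names fxp0/fxp1, the documentation-range addresses 203.0.113.0/29 and 192.168.1.0/24, and the web server at 192.168.1.10 are assumptions.

```conf
# ---- /etc/ipnat.rules (load with: ipnat -CF -f /etc/ipnat.rules) ----
# Assumed layout:
#   fxp0 = outside, 203.0.113.2 with 203.0.113.3 as an alias (bridged /29)
#   fxp1 = inside,  192.168.1.1 on the private /24

# Outbound NAT: LAN hosts leave as 203.0.113.2.
# The portmap rule handles TCP/UDP and must come before the plain map,
# which catches the remaining protocols (ICMP and so on).
map fxp0 192.168.1.0/24 -> 203.0.113.2/32 portmap tcp/udp 40000:60000
map fxp0 192.168.1.0/24 -> 203.0.113.2/32

# Inbound port-forward: public 203.0.113.3:80 to the internal web server.
rdr fxp0 203.0.113.3/32 port 80 -> 192.168.1.10 port 80 tcp


# ---- /etc/ipf.rules (load with: ipf -Fa -f /etc/ipf.rules) ----
# Anti-spoofing: private source addresses must never arrive from outside.
block in quick on fxp0 from 192.168.1.0/24 to any

# Default deny for everything else arriving on the outside interface.
block in log on fxp0 all

# IP Filter applies rdr BEFORE filtering inbound packets, so the pass rule
# has to match the translated (internal) destination, not 203.0.113.3.
pass in quick on fxp0 proto tcp from any to 192.168.1.10/32 port = 80 flags S keep state

# Outbound traffic is filtered BEFORE it is NATed; keep state so replies
# are let back in without opening inbound ports.
pass out quick on fxp0 proto tcp  from any to any flags S keep state
pass out quick on fxp0 proto udp  from any to any keep state
pass out quick on fxp0 proto icmp from any to any keep state

# The inside interface is trusted in this sketch.
pass in  quick on fxp1 all
pass out quick on fxp1 all
```

Forwarding between the two interfaces also requires `gateway_enable="YES"` in /etc/rc.conf.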
