HI and thanks,
Cool! I am OK with the fbsd stuff ipfilter ipnat etc. I garee it is nice.
The small matter of the cisco thing...hmmm!
OK...so would it be ok to ask another question or 2 later if today is bad?
I need to know how to "bridge" the /29 on the cisco.
does it mean I simply install static routing on the cisco by doing
ip classless (default)
ip route 203.44.288.0 255.255.255.248 ethernet0 10.0.0.2
no ip http server (default)
(NOTE: 10.0.0.2 is the ip of the fbsd box, 10.0.0.1 is the ethernet0 ip of
I have read the cisco docs but is slightly foreign language to me.
I would greatly appreciate it. My balls are now on the line here. I should
never volunteer to help!?
Am i close?
> [EMAIL PROTECTED] wrote:
>>I have a friend with a cisco 827 adsl router. It has config hassles but
>> when that is sorted, we need to setup a freebsd box inside the cisco
>> router to handle a /29 block of ips. 3 questions...
> I'm running an identical setup here - a Cisco 827, a /29, and a FreeBSD
> machine (or two) performing NAT for my LAN.
>>a) Should I assume the cisco is not the worlds greatest firewall and
>> setup the freebsd machine as one (creating a dmz)
> The Cisco will be "adequate," but I prefer the ease of use and added
> functions a FreeBSD machine running IP Filter/IPNAT, but that's just me.
>>b) The /29 block is routed by the ISP to the cisco device. I guess we
>> need to place a static route on the cisco gadget that directs any of
>> the incoming /29 block request onto the freebsd box...Correct?
> I have my 827 set up as a very basic bridge. This means that instead of
> the /29 "terminating," so to speak, on the 827, each of my allocated IP
> addresses is available directly on an ethernet interface on one of two
> FreeBSD machines.
> As a partial answer to part C, if you bridge the /29 to the FreeBSD
> machine, you can easily configure IPF and IPNAT to port-forward to
> various internet servers as required. Personally, the machine I have
> performing NAT (with my /29 on one interface and a private /24 on the
> other) for my internal network also runs various services. It's not an
> ideal setup, but it is functional and easy to maintain.
> Sorry I can't answer the rest of your questions, my brain is still
> enjoying the aftereffects of a big Friday night :)
> [EMAIL PROTECTED] mailing list
> To unsubscribe, send any mail to
> "[EMAIL PROTECTED]"
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"