I have been using http://www.ipcop.org/ for firewalls
Here is a reveiw of the product. http://www.samag.com/documents/s=9023/sam0402a/0402a.htm It will take multipal IP address on the outside and port forward them inside per port. Also will create DMZ zone. -Jay www.iowalug.org Quoting "Ted Kat." <[EMAIL PROTECTED]>: > > --- 02fun-u2 <[EMAIL PROTECTED]> wrote: > > > > i was thinking that i might have to get multi IP > > > > this is the setup > > > > ____bsd.box > > / > > _______ / > > | |___eth1 dmz ______linux.box > > eth0 ___| FW | > > wan | | > > |______|___eth2 lan > > > > > > first 'trafic' is all services such as ftp, http, etc > > > > what i was thinking that all the trafic going to Example.bsd.com > > domaine would go to ip on eth0 and then get sent to the private > > ip of bsd box. same w/ linux > > In order to do that you need a public routable ips and dns. > As I understand it you can't route to private ips from a public one, > Unless... > > > but i was thinking how is it going to know what http, ftp trafic > > goes to bsd unless an ip is involved, how can it tell bsd > > from linux. > > your eth0 firewall could forward the ports to private boxes because to > an outside ip it looks as if it were comming from the firewall itself. > > if your firewall was a linux box you could do this > > iptables -t nat -A PREROUTING --dst internet_ip -p tcp --dport 80 -j > DNAT --to-destination BSD_ip > > or make your firewall completely transparent by doing this > > iptables -t nat -A PREROUTING --dst internet_ip -j DNAT > --to-destination BSD_ip > > also if your behind the firewall you'll have to do this as well! > > iptables -t nat -A POSTROUTING -p tcp --dst internet_ip --dport 80 -j > SNAT --to-source BSD_ip > > > > i think what i'm looking at is a thing called one to one nat. > > or maybe bridging. > > one to one nat is possibable here. It just means that you make your > firewall redirect all ports to a lan server > > #make your firewall completely transparent by doing this > > iptables -t nat -A PREROUTING --dst internet_ip -j DNAT > --to-destination BSD_ip > > Hope this helps > > ===== > Ted Katseres > ---------------- > ------------------------ > -------------------------------- > > __________________________________ > Do you Yahoo!? > Yahoo! SiteBuilder - Free web site building tool. Try it! > http://webhosting.yahoo.com/ps/sb/ >
