[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Fwd: newbie advice question - pf in front of multiple comps...

--- b h <[email protected]> wrote:
> Hi,
> I'm sorry for the newbie advice question.
> I've ran OpenBSD for a couple years, and pf as well,
> performing straight forward NAT, rdr, etc....  all
> with the firewall having one public internet
> routable
> address, and multiple machines behind with private
> addresses..
> however, someone at my work wants me to install a
> firewall at a colo site - in front of say, six
> machines, all with public internet routable
> addresses...
> so - I know this is likely a really stupid question,
> but how do I manage this?  does the firewall have a
> bunch of aliased IP addresses and rdr respectively
> to
> private addresses behind?  is bgp (I know nothing
> about yet) something that I need/should be using?
> Another thing of note, some of these machines will
> be
> running similar services, such as two different
> machines running httpd...
> sorry - please point me to the correct section I've
> missed in the FAQ or something I can research more
> on...
okay, ignore most of my question - I'm sorry I didn't
figure this before posting (another recent msg on misc
got me to look at this) - looks like binat is what I
But I'm still confused how the firewall gets these
packets to begin with - is the firewall supposed to
have aliased all the external address?
ie, doing binat similar to the following... 
xx.xx.xx.3 ->
xx.xx.xx.4 ->
and the firewall will have (in hostname.fxp0 for ex.)
inet xx.xx.xx.3 0xffffff00 NONE
inet alias xx.xx.xx.4 0xffffff00 NONE
Do you Yahoo!? 
Yahoo! Mail - Helps protect you from nasty viruses.