Re: newbie advice question - pf in front of multiple comps...
On Dec 1, 2004, at 11:43 AM, b h wrote:

> okay, ignore most of my question - I'm sorry I didn't
> figure this before posting (another recent msg on misc
> got me to look at this) - looks like binat is what I

Your original message said the protected servers would have publicly
routable addresses, hence the bridge. If you're using RFC1918
addresses instead, then yes, you want binat.

> But I'm still confused how the firewall gets these
> packets to begin with - is the firewall supposed to
> have aliased all the external addresses?

You can alias them if they're on the same public interface as your
primary address, or you can have them on a dedicated interface. If
you're going to have more than one IP per interface, you'll need

> ie, doing binat similar to the following...
> xx.xx.xx.3 -> 10.10.10.3
> xx.xx.xx.4 -> 10.10.10.4
> and the firewall will have (in hostname.fxp0 for ex.)
> inet xx.xx.xx.3 0xffffff00 NONE
> inet alias xx.xx.xx.4 0xffffff00 NONE
Please read the FAQ and manpages. They are quite good, and would have
answered all of your questions. We're here to help, but you need to
try and help yourself too. :)
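
Added example, not part of the original message: a pf.conf fragment for the two mappings discussed above, written in the standalone `binat` rule syntax of that era (OpenBSD 4.7 and later express this with `binat-to` on a match or pass rule instead). The 203.0.113.x addresses stand in for the thread's xx.xx.xx.x, and the internal interface name and the permitted ports are assumptions chosen for illustration.

```pf
# pf.conf fragment (added example, pre-4.7 translation syntax)
# Placeholders: 203.0.113.3/.4 stand in for xx.xx.xx.3/.4 from the thread.

ext_if = "fxp0"   # public interface, as in the thread's hostname.fxp0
int_if = "fxp1"   # assumed name of the interface facing 10.10.10.0/24

# --- translation section (must come before the filter rules) ---
# binat is a one-to-one, bidirectional mapping: every port on the
# public address reaches the internal host unless the filter says no.
binat on $ext_if from 10.10.10.3 to any -> 203.0.113.3
binat on $ext_if from 10.10.10.4 to any -> 203.0.113.4

# --- filter section ---
# Default deny inbound on the public side, with logging to pflog.
block in log on $ext_if all

# Translation is applied before filtering, so inbound rules are
# written against the internal (post-translation) destination.
# Ports 80 and 25 are assumed services, one per host.
pass in on $ext_if inet proto tcp from any to 10.10.10.3 port 80 \
    flags S/SA keep state
pass in on $ext_if inet proto tcp from any to 10.10.10.4 port 25 \
    flags S/SA keep state

# Let the protected hosts reach the firewall's inside interface and
# let traffic leave on the public side.
pass in on $int_if from 10.10.10.0/24 to any keep state
pass out on $ext_if all keep state
```

Because binat maps the whole address rather than a single port, the default `block in` plus explicit per-port `pass in` rules is what keeps the mapping from exposing every service on the internal hosts.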