Mixing bridge & router in one box.

samsam9988

samsam9988

Hi I am wondering if it is common practice to set up bridge mode and use PF NAT in a FreeBSD box?

Currently I am using FreeBSD 10.0, with 3 useable public IP addresses (one is assigned to PPPoE), and I want to bridge the PPPoE/tun0 public IP to the other 2 public IPs, and then use NAT (from PF) to translate IP address to private IP (10.0.1.254 and 192.168.1.254).

Do I have to rebuild kernel for bridging for FreeBSD 10?

Greatly appreciate any inputs and responses.

Sam
 
Here is my current configruration:

tun0 -- bridged to em0 (with public IP 1)
tun0 -- bridged to em1 (with public IP 2)
tun0 -- NAT to em2 (10.0.1.254)
tun0 -- NAT to em3 (192.168.1.254).
And gateway_enabled="yes".

Thanks.
Sam
 
Are you referring to an interface bridge as in a bridge(4) device that would show up under ifconfig(8)? You don't need any special configuration for that, just define it under rc.conf(). Now, reading what you are saying... I think you don't understand that routing and bridging are separate network concepts that work at different layers. Can you explain why you think you need to use bridging? What is the end result you are trying to accomplish?
 
I know there are some confusion in my previous post.

I have been given 2 more public IP addresses from ISP. I want to assign each of this additional pub IP to my web server. I have 2 web servers are going live soon.

I think I can achieve it by having all 3 connections (2 servers and 1 ordinary internet connection) connect to the back of the bridge moment as follow:


I will configure my modem as a bridge modem, it is a D-Link ADSL2+ modem.
If I do that I think I can have my two servers establish pppoe connection through the modem simultaneously and have the two different pub ip assigned by the ISP.
The modem have 5 ports at the back, I think I can have 3 pppoe connections go to the back of the modem.

Is this the usual way for using the pub IP addresses that assigned by ISP?

Thanks
Sam
 
This is how I would envision the setup being based off my understand of what you are going for.

ADSL Modem (Routed not bridged) with 2 IP addresses and port forwarding
- redirect from any to IP1 port 80 -> x.x.x.1 # for web server 1
- redirect from any to IP2 port 80 -> x.x.x.2 # for web server 2

Your server(s) just listen on an internal IP they need to receive traffic on.

Are you envisioning having the publically routable IP addresses assigned on the server(s) and using the ADSL modem as a transparent bridge?
 
junovitch said:
This is how I would envision the setup being based off my understand of what you are going for.

ADSL Modem (Routed not bridged) with 2 IP addresses and port forwarding
- redirect from any to IP1 port 80 -> x.x.x.1 # for web server 1
- redirect from any to IP2 port 80 -> x.x.x.2 # for web server 2

Your server(s) just listen on an internal IP they need to receive traffic on.

Are you envisioning having the publically routable IP addresses assigned on the server(s) and using the ADSL modem as a transparent bridge?
Click to expand...

With the redirection setup in the modem, my server will need to use class C ip addresses.
Is this will affect the google ranking of my server?
Is there anyway I can assign these two additional public ip addresses to my two web servers?


Thanks & Best Regards
Sam
 
samsam9988 said:
With the redirection setup in the modem, my server will need to use class C ip addresses.
Is this will affect the google ranking of my server?
Click to expand...

Think about it for a second. To the outside world port 80 on that IP is still your site. When Google crawls the web it will find the site there as long as it's on port 80 and it won't matter what the real internal address of the server is.

samsam9988 said:
Is there anyway I can assign these two additional public ip addresses to my two web servers?

Thanks & Best Regards
Sam
Click to expand...

You can assign them directly to the servers; but then you would have to do the bridging on that D-Link which may not even be possible.
 
junovitch said:
You can assign them directly to the servers; but then you would have to do the bridging on that D-Link which may not even be possible.
Click to expand...

That a why I want to set up a FreeBSD bridge after the D Link modem (also in bridge mode) in the first place.

Thanks
Sam
 
You would still have the same issue though. You still need to do a port forward at your router. There's no point in adding more devices and complexity. Just port forward from the router to IPs on your LAN.
 
You must log in or register to reply here.
Back
Top