Subject: Re: new NetBSD firewall
To: None <fernando@rxp.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: netbsd-help
Date: 06/23/2003 23:38:10
On Sun, Jun 22, 2003 at 06:15:57PM -0400, fernando@rxp.com wrote:
> hello there.
> i'm about to put together an old box and use it as a firewall and nat. i
> currently have 2 machines. one is a win2k server acting as a nat for the
> other and as a dns server for web sites off location. i'm not sure that if i
> set up the netbsd box, if my dns server will continue to answer queries from
> the web. should i install bind on the netbsd box since it will be taking
> over the public ip address (i don't know how to do that;-)? or should i just

The best solution IMHO, and setting up bind isn't that hard.

> forward port 53 through netbsd to the win2k box? will i see a big hit in
> performance using the forwarding?

This can be done, and the performance impact will be minimal. Of course
the DNS queries will be a few ms slower because of the extra hop.

> 
> also, when i set up the new nat/firewall, i don't want to disconnect the dns
> server until i am ready with the netbsd box. but the only way i have to
> install it now is the NetBSD Firewall Project, which uses two floppies to
> setup the nics, then downloads the rest of netbsd (minimal for fw). this
> long download will mean my dns will be off line. one of the configurations
> (iirc) is to use a dynamic ip. if i use that to set up, and just let it
> download the setup THROUGH my current nat (the win2k box) then complete the
> install that way, will it be hard to change it from dynamic to static? i
> can't seem to find on the web the info to change the nic configuration to
> static and assign the ip address that the isp gave to me.

I don't know, I don't know this NetBSD Firewall Project. Why don't you
just install NetBSD the normal way (from cd for example, or from ftp
through your NAT box), and then configure it to be the firewall?
It's really not hard, I guess most of the bits are in the man pages and
in the docs on the www.netbsd.org site.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 24 years of experience will always make the difference
--