From owner-freebsd-net@FreeBSD.ORG  Thu Aug  7 00:56:02 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1A76537B401
	for <freebsd-net@freebsd.org>; Thu,  7 Aug 2003 00:56:02 -0700 (PDT)
Received: from juergen.edv-winter.de (juergen.edv-winter.de [195.226.65.65])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 30B8B43FA3
	for <freebsd-net@freebsd.org>; Thu,  7 Aug 2003 00:56:01 -0700 (PDT)
	(envelope-from ar@g23.org)
Received: from localhost (localhost [127.0.0.1])
	by juergen.edv-winter.de (8.12.9/8.12.9) with ESMTP id h777xIm6087432
	for <freebsd-net@freebsd.org>; Thu, 7 Aug 2003 09:59:18 +0200 (CEST)
	(envelope-from ar@g23.org)
Date: Thu, 7 Aug 2003 09:59:18 +0200 (CEST)
From: Andre Rein <ar@g23.org>
X-X-Sender: ar@juergen.edv-winter.de
To: freebsd-net@freebsd.org
Message-ID: <20030807094647.X77217@juergen.edv-winter.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Firewall with RFC1918 transfer network 
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Aug 2003 07:56:02 -0000

Hi,

I set up a Firewall for our official Network and use a RFC1918 conform
transfer network to communicate to the router.

Here are my interfaces:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  inet 192.168.55.74 netmask 0xfffffffc broadcast 192.168.55.75
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
  inet 195.226.65.125 netmask 0xffffffc0 broadcast 195.226.65.127
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  inet 10.0.0.126 netmask 0xffffff00 broadcast 10.0.0.255

My routing table:

default            192.168.55.73      UGSc        1   822551   fxp0
10/24              link#3             UC          2        0    vr0
10.0.0.65          00:50:ba:fb:dc:13  UHLW        1    42895    vr0    473
10.0.0.254         00:60:b0:6b:08:f3  UHLW        1     1428    vr0    694
127.0.0.1          127.0.0.1          UH          0     2904    lo0
192.168.55.72/30   link#1             UC          3        0   fxp0
192.168.55.73      00:0c:ce:6c:de:53  UHLW        1        0   fxp0   1023
192.168.55.74      00:60:b0:67:e8:01  UHLW        0        2    lo0
192.168.55.75      ff:ff:ff:ff:ff:ff  UHLWb       0        4   fxp0
195.226.65.64      ff:ff:ff:ff:ff:ff  UHLWb       0       53   fxp1 =>
195.226.65.64/26   link#2             UC         19        0   fxp1
195.226.65.65      00:60:97:b8:7f:89  UHLW        0    48419   fxp1   1098
195.226.65.66      00:60:97:b8:7f:89  UHLW        0      133   fxp1    160
195.226.65.67      00:60:97:b8:7f:89  UHLW        0        6   fxp1    161
....

       fxp1 		   fxp0
|DMZ|--------|Firewall|-------------|Router|-----------|INET|
                 |
                 |
                 |  vr0
                 |
                 |
                 -
              back network
                 _


Everything works fine from my official network to the outside and from the
outside to my onet, except the firewall itself.She uses the ip
192.168.55.74 to communicate to the outside.

Is there any way to tell her that she have to use her oip 195.226.65.125
from fxp1?

greetings

Andre Rein

-- 

"And some greetings from the Toaster"