Date:      Wed, 12 May 1999 13:35:34 -0700 (PDT)
From:      Doug White <dwhite@resnet.uoregon.edu>
To:        daniel B <danielb@pacex.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   RE: ipfw on multiple NICs
Message-ID:  <Pine.BSF.4.03.9905121334410.23756-100000@resnet.uoregon.edu>
In-Reply-To: <Pine.BSF.3.96.990509122924.17751A-100000@almazs.pacex.net>

On Sun, 9 May 1999, daniel B wrote:

> I am in the process of setting up a firewall for my internal FreeBSD LAN
> The network looks like this:
> 
> Internet-----[ DSL router ]----[ fbsd firewall ]----[  LAN  ]
>                               ep1             ep0
> 
> I have compiled my kernel for IPFIREWALL_VERBOSE
> Added support for net interface ep1 in kernel
> Enabled ipfw in the /etc/rc.conf
> and I am using the 'simple' rule-set in /etc/rc.firewall to test setup
> All machines (router, firewall and LAN) are on the same subnet /27
> All vital services DNS, HTTP and SMTP are running on the LAN machines
> 
> My questions are:
> 1.) What kind of gateway or routing mechanism should I use to force
> incoming packets from the Internet to arrive at ep1 and pass through the
> firewall and to ep0 and to the LAN 
> 
> 2.) outgoing packets from LAN to pass through ep0, firewall, ep1, router
> and to the Internet.
> 
> The LAN concept here is probably misleading because all machines are in
> the same /27 subnet.

Turn 'gateway_enable=YES' on in /etc/rc.conf, configure your interfaces,
add a default route, and you should be set to go.

I would _highly_ suggest saving some cash and setting up natd on the
firewall.  

Doug White                               
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
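
The settings named in the reply above, written out as an /etc/rc.conf fragment. This is an added example, not part of the original message: every address is constructed, and renumbering the LAN into a private range is an assumption that goes with the natd suggestion.

```sh
# /etc/rc.conf fragment (plain sh variable assignments).
# All addresses below are constructed examples, not values from the thread.

# Some releases need both NICs listed explicitly; others default to "auto".
network_interfaces="ep0 ep1 lo0"

# Outside: ep1 faces the DSL router and keeps an address in the routed /27.
ifconfig_ep1="inet 192.0.2.2 netmask 255.255.255.224"

# Inside: ep0 faces the LAN, renumbered into a private range (assumption).
# Putting ep0 and ep1 on different subnets gives the kernel something to route.
ifconfig_ep0="inet 192.168.1.1 netmask 255.255.255.0"

# Default route points at the DSL router (constructed address).
defaultrouter="192.0.2.1"

# Forward packets between ep0 and ep1.
gateway_enable="YES"

# Packet filter, using the 'simple' rule set from the original question.
# The interface and network variables at the top of the 'simple' section in
# /etc/rc.firewall must be edited to match ep1 (outside) and ep0 (inside).
firewall_enable="YES"
firewall_type="simple"

# Address translation on the outside interface.
# natd needs "options IPDIVERT" in the kernel and an ipfw divert rule on ep1;
# check that your /etc/rc.firewall adds that rule when natd_enable is set.
natd_enable="YES"
natd_interface="ep1"
```

With this layout the LAN hosts use 192.168.1.1 as their default gateway.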


