Date:      Fri, 24 Nov 2000 12:47:43 +0100 (CET)
From:      Toni Pisjak <pisjak@dbai.tuwien.ac.at>
To:        <danielb@pacex.net>
Cc:        <freebsd-questions@freebsd.org>, Admin <admin@dbai.tuwien.ac.at>
Subject:   RE: ipfw on multiple NICs
Message-ID:  <Pine.BSF.4.30.0011241239530.23534-100000@procyon.dbai.tuwien.ac.at>

Hello !

It's a long time ago that you wrote this message, but perhaps you still
remember what you did at that time to set up your firewall.

These days I have the same problem, namely I cannot get the packages
*through* the firewall. They arrive at one NIC, but don't reach the other
NIC, though I tried all the suggestions explained below. Were these
suggestions sufficient for you, or did you have to do something
additional?

Thanks in advance: Toni.


-------------------------------------------------------------
On Sun, 9 May 1999, daniel B wrote:

> I am in the process of setting up a firewall for my internal FreeBSD LAN.
> The network looks like this:
>
> Internet-----[ DSL router ]----[ fbsd firewall ]----[  LAN  ]
>                               ep1             ep0
>
> I have compiled my kernel for IPFIREWALL_VERBOSE
> Added support for net interface ep1 in kernel
> Enabled ipfw in the /etc/rc.conf
> and I am using the 'simple' rule-set in /etc/rc.firewall to test setup
> All machines (router, firewall and LAN) are on the same subnet /27
> All vital services DNS, HTTP and SMTP are running on the LAN machines
>
> My questions are:
> 1.) What kind of gateway or routing mechanism should I use to force
> incoming packets from the Internet to arrive at ep1 and pass through the
> firewall and to ep0 and to the LAN
>
> 2.) outgoing packets from LAN to pass through ep0, firewall, ep1, router
> and to the Internet.
>
> The LAN concept here is probably misleading because all machines are in
> the same /27 subnet.

Turn 'gateway_enable=YES' on in /etc/rc.conf, configure your interfaces,
add a default route, and you should be set to go.

I would _highly_ suggest saving some cash and setting up natd on the
firewall.

Doug White
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org
--------------------------------------------------------------------


-- 
Toni Pisjak                    Technische Universitaet Wien
pisjak@dbai.tuwien.ac.at       http://www.dbai.tuwien.ac.at



