From owner-freebsd-questions Wed Jun 28 22:44:37 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from merlin.prod.itd.earthlink.net (merlin.prod.itd.earthlink.net [207.217.120.156])
	by hub.freebsd.org (Postfix) with ESMTP id BFD4437B9D3
	for ; Wed, 28 Jun 2000 22:44:34 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from dialin-client.earthlink.net (pool1265.cvx20-bradley.dialup.earthlink.net [209.179.254.245])
	by merlin.prod.itd.earthlink.net (8.9.3-EL_1_3/8.9.3) with ESMTP id WAA14418;
	Wed, 28 Jun 2000 22:44:28 -0700 (PDT)
Received: (from cjc@localhost)
	by dialin-client.earthlink.net (8.9.3/8.9.3) id WAA00660;
	Wed, 28 Jun 2000 22:42:56 -0700 (PDT)
Date: Wed, 28 Jun 2000 22:42:15 -0700
From: "Crist J. Clark"
To: "Robert M. Shields"
Cc: "Daniel J Cain Jr." , freebsd-questions@FreeBSD.ORG
Subject: Re: DSL / Routing / ipfw issues
Message-ID: <20000628224215.D451@dialin-client.earthlink.net>
Reply-To: cjclark@alum.mit.edu
References: <395A99D5.86C65388@bnswest.net> <003c01bfe16e$5729e9c0$0200a8c0@home.matrix.oss.uswest.net> <395AB9BF.C0618989@bnswest.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <395AB9BF.C0618989@bnswest.net>; from wildcard@bnswest.net on Wed, Jun 28, 2000 at 07:51:43PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, Jun 28, 2000 at 07:51:43PM -0700, Robert M. Shields wrote:
> I had the firewall box enabled as a gateway with NAT onto the 2nd network to
> begin with... (I guess that was relevant info, huh?) I could ping the fxp0
> interface from any system on the LAN, but when I tried to reach the 675 on the
> doze boxes, the packet would always time out.
>
> Which is why I was looking into turning the firewall into a network bridge,
> to avoid all that hoopla with running NAT twice. It's my understanding while
> acting as a bridge the firewall can just pass packets back and forth between
> networks, just as if they were physically connected, without any name
> translation or routing needed. Or should I just say screw it, lose the
> firewall and use the NAT and packet filtering in the 675?

No need to run NAT twice. If you just want the FreeBSD box for
firewalling, do not bridge either. Just set up the FreeBSD box with
firewalling and IP forwarding enabled. Make sure to add the route
(lemme see if I remember my Cisco syntax),

  ip route 192.168.123.0 0.0.0.255 10.0.0.1

to the 675. Unless the 675 is a lot dumber than I would expect Cisco
hardware to be, all should work.

Just do the NAT at the 675. If you do NAT at FreeBSD, no need for NAT
at the 675. Flip a coin.
-- 
Crist J. Clark                           cjclark@alum.mit.edu


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
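The setup the reply recommends (FreeBSD forwarding and filtering between the LAN and the 675, NAT only on the 675, a return route for the LAN on the 675) as a worked ipfw ruleset. This is an added example, not code from the thread or from either poster. It assumes the 192.168.123.0/24 LAN and the 10.0.0.1 next hop from the reply, a 10.0.0.0/24 link network between the FreeBSD box and the 675 with the 675 at 10.0.0.254, and that fxp0 faces the 675 while fxp1 faces the LAN; the thread does not say which interface is on which side, so adjust the two names. The symptom in the question, a ping to the 675 that times out rather than coming back unreachable, is what you see when the 675 has no route back to 192.168.123.0/24: the request arrives, the reply leaves by the 675's default route and is never seen again, which is why the static route on the 675 matters more than anything on the FreeBSD side. The `ipfw` command lines below are the standard ipfw syntax; if `/sbin/ipfw` is not present the script prints the rules instead of loading them, so it can be read through on any machine.

```shell
#!/bin/sh
#
# /etc/ipfw.rules -- ipfw ruleset for a FreeBSD box that routes (not bridges,
# not NATs) between a LAN and a Cisco 675 that does the NAT.
# Added example; addresses and interface names are assumptions, see the lead-in.
#
# Assumed rc.conf settings that go with this script (FreeBSD 4.x names):
#   gateway_enable="YES"            # turns on net.inet.ip.forwarding
#   firewall_enable="YES"
#   firewall_script="/etc/ipfw.rules"
#   defaultrouter="10.0.0.254"      # the 675's inside address (assumed)
# "deny log" rules only log when net.inet.ip.fw.verbose=1.
#
# The 675 needs a return route for the LAN, as in the reply above:
#   ip route 192.168.123.0 0.0.0.255 10.0.0.1
# (check the 675's own manual for its exact route syntax).
#
# Checks after loading:  sysctl net.inet.ip.forwarding   (expect 1)
#                        ipfw -a list                    (rule hit counters)
#                        ping 10.0.0.254 from a LAN host (should now answer)

set -e

lan="192.168.123.0/24"   # LAN network, from the thread
link="10.0.0.0/24"       # assumed network between the FreeBSD box and the 675
lan_if="fxp1"            # assumed: interface facing the LAN
out_if="fxp0"            # assumed: interface facing the 675

fwcmd="${fwcmd:-/sbin/ipfw}"
if [ ! -x "$fwcmd" ]; then
    echo "$fwcmd not found; printing the rules instead of loading them" >&2
    fwcmd="echo ipfw"
fi

load_rules() {
    $fwcmd -f flush

    # Loopback traffic is fine; anything else claiming 127/8 is bogus.
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8
    $fwcmd add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: LAN addresses may only arrive on the LAN interface,
    # link-network addresses only on the outside interface.
    $fwcmd add 400 deny log ip from $lan to any in via $out_if
    $fwcmd add 500 deny log ip from $link to any in via $lan_if

    # Return halves of traffic the LAN started: TCP replies, DNS answers,
    # and ICMP echo reply (0), unreachable (3), TTL exceeded (11).
    $fwcmd add 1000 allow tcp from any to any established
    $fwcmd add 1100 allow udp from any 53 to $lan
    $fwcmd add 1200 allow icmp from any to any icmptypes 0,3,11

    # The LAN may go anywhere, including to the 675 itself, and the box's
    # own outside address may talk out through the 675.
    $fwcmd add 2000 allow ip from $lan to any
    $fwcmd add 2100 allow ip from $link to any out via $out_if

    # New connections arriving from the outside are logged and dropped,
    # then everything not matched above is dropped too.
    $fwcmd add 3000 deny log tcp from any to any in via $out_if setup
    $fwcmd add 65000 deny log ip from any to any
}

load_rules
```

Rule 2000 is what lets a LAN host reach the 675's address, and rules 1000 and 1200 let the 675's TCP and ping replies back in; with the static route on the 675 in place the "doze boxes" should see echo replies. If you go the other way and NAT on FreeBSD instead, the 675 route goes away and a `divert natd` rule on fxp0 (with natd_enable and natd_interface in rc.conf) goes in before rule 400.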