From: Chris Stankevitz
To: "'freebsd-questions@freebsd.org'"
Subject: Freebsd firewall on my ISP-assigned subnet
Date: Wed, 20 Dec 2000 11:11:12 -0800
Message-ID: <0DF776DB4CA1D411A77F005004CEBE9703FADE@cbexchange>

        xl0          xl1
--|DSL|----|freebsd |----|LAN|--
  |Rtr|  ^ |firewall| ^
         |            |
         +------------+
         128.97.10.0/24

Is this possible? (I have attempted to show a FreeBSD machine with two
interfaces, both on the same subnet but connected to different hubs.)

If so, how does the firewall machine know which interface to use when sending
a packet to the 128.97.10.0/24 subnet?

If not, how does one implement a firewall (without using NAT) on an
'ISP-assigned' subnet?

I've read countless FAQs on NAT-style firewalls and ipfw rules, but none
seem to address this "one subnet" issue.

Thanks for your help,

Chris