From owner-freebsd-questions Tue Jul 1 19:14:55 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id TAA07246 for questions-outgoing; Tue, 1 Jul 1997 19:14:55 -0700 (PDT)
Received: from web2.microa.com (web2.microa.com [38.176.82.200]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id TAA07237 for ; Tue, 1 Jul 1997 19:14:50 -0700 (PDT)
Received: from greg.microa.com ([38.176.82.103]) by web2.microa.com (8.8.5/8.7.3) with SMTP id WAA22505 for ; Tue, 1 Jul 1997 22:14:46 -0400 (EDT)
Message-Id: <3.0.1.32.19970701221152.007dab40@microa.com>
X-Sender: gb@microa.com
X-Mailer: Windows Eudora Pro Version 3.0.1 (32)
Date: Tue, 01 Jul 1997 22:11:52 -0400
To: freebsd-questions@FreeBSD.ORG
From: greg baxter
Subject: firewalls...
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

we want to firewall our local net using freebsd 2.2.

a little confused, we put two nics in one bsd machine, each with its own different network (not just diff host).

the idea is, we need it to:

hit our inet router, a t1 interface when called to do so by any local machine. this is on net 'a'. i suppose this is the only host that will be on net 'a' other than the nic in the bsd box. right?

route ip data for us, with appropriate filtering via ipfw. from net 'b' to net 'a' (net 'a' is the internet side of things).

do we need to configure this machine as a 'gateway' as defined in rc.conf? turn on 'routing' in same rc file?

right now, our default gateway is just the t1 router (ascend pipeline) and all works well, but the ascend is on the same net as everything else.

have read the o'reilly book, and at least *believe* i'm on the right track.

any help you guys can toss my way is really gonna be very much appreciated, i'd like to get this thing up and going soon.

thanks in advance

-- greg