From: "Subhro"
Date: Sun, 1 Aug 2004 14:27:39 +0530
Delivered-To: freebsd-questions@freebsd.org
Subject: Gateway Setup

Greetings,

I am facing a problem in setting up my gateway so I am asking for help. Let me describe my setup. My ISP gateway is *.*.144.49. I am assigned a few static IPs:

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway.
I have currently laid out my network as:

-------------             ---------------             -------------
|           |             |             |             |           |
|    ISP    |*.*.144.49   | FreeBSD Box |*.*.147.229  |   Linux   |
|  GATEWAY  |-------------|             |-------------|    NAT    |
|           |   *.*.144.54|             |  *.*.147.230|           |
-------------             ---------------             -------------
                                                            | 172.16.0.1
                                                            |
                                                            |
                                                            |
                                                            | 172.16.0.200
                                                      -------------
                                                      |           |
                                                      |    LAN    |
                                                      |   Host    |
                                                      |           |
                                                      -------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118 netmask 255.255.255.252"
ifconfig_sis0="inet 61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"                    # replaces obsolete kernel option ARP_PROXYALL.
firewall_script="/etc/rc.firewall"    # Which script to run to set up the firewall
ip_portrange_first="10000"            # Set first dynamically allocated port
ip_portrange_last="20000"             # Set last dynamically allocated port
tcp_drop_synfin="YES"                 # Set to YES to drop TCP packets with SYN+FIN
icmp_drop_redirect="YES"              # Set to YES to ignore ICMP REDIRECT packets

I have still not configured the firewall. I would be highly obliged if anyone could help me by telling me what I am missing. Another point to be taken care of is that a couple of systems inside the LAN have a public IP. For example, one of the hosts has an IP of *.*.144.82. I am not allowed to mess with the Linux NAT box in any way because of some preinstalled commercial software solutions. However, I can change the IPs of the NAT box if necessary. Please help me out.

Thanks and Best Regards
Subhro
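An added example, not part of the original message: a Python check of the posted ifconfig lines against the addresses drawn in the diagram, which is worth running before any filter rules are written. The assignment of diagram addresses to interfaces (DIAGRAM) is an assumption, and masked `*` octets are treated as wildcards rather than filled in.

```python
import re

# The three ifconfig lines copied from the rc.conf in the message.
RC_CONF = """\
ifconfig_fxp0="inet 61.95.147.118 netmask 255.255.255.252"
ifconfig_sis0="inet 61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
"""
# Assumption: which diagram addresses sit on which link. "*" octets are
# masked in the message and are treated as wildcards, never filled in.
DIAGRAM = {
    "fxp0": ["*.*.144.49", "*.*.144.54"],
    "sis0": ["*.*.147.229", "*.*.147.230"],
    "sis0_alias0": ["172.16.0.1", "172.16.0.200"],
}

def octets(addr):
    """Dotted quad -> list of ints, with None for a masked '*' octet."""
    return [None if part == "*" else int(part) for part in addr.split(".")]

def parse_ifconfig(rc_text):
    """Return {ifname: (address octets, netmask octets)} for inet lines."""
    pat = re.compile(r'^ifconfig_(\w+)="inet (\S+) netmask (\S+)"', re.M)
    return {m[1]: (octets(m[2]), octets(m[3])) for m in pat.finditer(rc_text)}

def on_link(addr, mask, other):
    """True if `other` can lie in addr/mask; wildcard octets always match."""
    return all(o is None or (a & m) == (o & m)
               for a, m, o in zip(addr, mask, other))

def off_link(rc_text, diagram):
    """Return {ifname: diagram addresses outside the configured subnet}."""
    return {name: [d for d in diagram.get(name, [])
                   if not on_link(addr, mask, octets(d))]
            for name, (addr, mask) in parse_ifconfig(rc_text).items()}

def longest_common_prefix(a, b):
    """Longest prefix length that can hold both addresses (wildcards equal)."""
    diff = 0
    for x, y in zip(octets(a), octets(b)):
        diff = (diff << 8) | (0 if None in (x, y) else x ^ y)
    return 32 - diff.bit_length()

if __name__ == "__main__":
    for name, bad in off_link(RC_CONF, DIAGRAM).items():
        print(name, "mismatch:" if bad else "consistent", *bad)
    plen = longest_common_prefix("*.*.144.49", "*.*.144.54")
    print("ISP link as drawn fits a prefix no longer than /%d" % plen)
```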