From: "A.Rakukin"
To: questions@freebsd.org
Date: Tue, 5 Mar 2002 09:44:53 +0300 (MSK)
Subject: with and without firewall
Message-Id: <200203050644.g256irn40909@www5.mailru.com>

Hello,

I would like to have my network (say, 128.1.1.0 with router 128.1.1.1) connected to the Internet via the firewall most of the time, but also provide the possibility for this network to be switched to direct Internet connection at any time, without any changes in routing. I guess I can set it up in the following way:

- create an additional network (128.2.2.0),
- add this network as secondary to the router, assigning an additional address 128.2.2.1 to the router itself,
- set up a firewall with external address 128.2.2.2 and internal addresses 128.1.1.1
- make the firewall pick all packets intended for 128.1.1.0 which come to its external interface, filter them and send into the internal network.

Then, routing should work whether the firewall is present or it is physically removed and the router is connected to the network directly.

Is that possible? Which software can accomplish the last task? As far as I understand, NAT address redirection does not do it. Maybe there are easier ways to solve this problem, without setting up an additional network?

Thanks a lot,
Alex