Date: Sun, 10 Dec 2000 21:31:42 -0500 (EST)
From: Chris Hill
To: Sean Peck
Cc: Jonathan Chen, freebsd-questions@FreeBSD.ORG
Subject: Re: Configuring Gateway/NAT on Freebsd

On Sun, 10 Dec 2000, Sean Peck wrote:

> Well the connection is permanent, not PPP. (DSL) The box has 1 physical
> NIC, I have it configured to the PUBLIC IP, and aliased to 172.16.0.1 as
> well...

Whoops, your message came in while I was typing the previous one. Sorry.

When you speak of "the PUBLIC IP," you seem to be saying that you have only
one IP address that belongs to you. This is consistent with the need to NAT.

> So, in theory at least it should be answering to both addresses, I have tun0
> linking the 172.16.0.1 to the public space (I believe this is what I have
> to do)

Um, no. As Jonathan says, you need two ethernet cards (assuming your DSL
works like mine does). One of them connects to the outside world as PUBLIC
IP, and the other connects to the inside world, typically with an RFC1918 IP
address (you seem to have chosen 172.16.0.1). tun0 is the name for the
userland PPP interface.

If your DSL works like mine does, you have a DSL phone line coming into the
building; it goes to a box, and the other side of that box is an RJ45
ethernet jack. This is your "outside" network connection; the second
ethernet card in the gateway machine is your "inside" connection. No PPP
involved unless you're forced to use PPPoE or some such nonsense.

> I assume that my other boxes, should be pointing to 172.16.0.1 as their
> default router and be in the 172.16.0.x space...

Correct.

> I have the public space entry for the single NIC card pointing to the
> default router up in the ISP space...

I don't know enough about networking to tell you exactly why this can't
work, but I'm pretty sure it can't. Ethernet cards are cheap; is it worth
this amount of trouble to save a measly few pence?

> On Mon, 11 Dec 2000, Jonathan Chen wrote:
>
> > On Sun, Dec 10, 2000 at 05:24:50PM -0800, Sean Peck wrote:
> > [...]
> > > I have the NIC listening to both IP's at least in theory, 172.16.0.1 and
> > > my public space IP... I assume that it must be listening there as well...
> > > perhaps incorrectly.
> >
> > For a firewall, you need to have 2 NICs. One for your i/f to the 'Net,
> > and one for your i/f to your internal network. Think of a stream of
> > information that must pass in thru' your f/w rules before it can go out
> > thru' the second i/f to your internal network.
> >
> > If your i/f to the 'Net is a dial-up ppp link, you set up ppp to
> > handle nat with a -nat option, instead of using 'natd'.
> > --
> > Jonathan Chen

--
Chris Hill               chris@monochrome.org
[1] Bus error netscape
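The thread's advice boils down to a handful of rc.conf settings on a FreeBSD gateway: two NICs, one carrying the public address and one the RFC1918 address, IP forwarding turned on, and natd bound to the outside interface. The script below is an added example, not code from anyone in this thread: it checks a constructed rc.conf against those requirements and rejects the single-NIC-plus-alias layout the original poster described. The interface names (xl0, xl1) and addresses are placeholders I made up; the rc.conf variable names (gateway_enable, firewall_enable, natd_enable, natd_interface) are the standard FreeBSD ones.

```shell
#!/bin/sh
# Added example: sanity-check an rc.conf for a two-NIC FreeBSD NAT gateway.
# Interface names and addresses below are constructed placeholders.

# Constructed rc.conf for the layout recommended in the thread:
# xl0 is the outside NIC (public address), xl1 the inside NIC (172.16.0.1).
SAMPLE_RC_CONF='ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl1="inet 172.16.0.1 netmask 255.255.255.0"
defaultrouter="203.0.113.1"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="xl0"
'

# Constructed rc.conf for the layout the poster had: one NIC with the
# private address as an alias, and no firewall enabled.
BROKEN_RC_CONF='ifconfig_xl0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_xl0_alias0="inet 172.16.0.1 netmask 255.255.255.255"
defaultrouter="203.0.113.1"
gateway_enable="YES"
natd_enable="YES"
natd_interface="xl0"
'

# count_inet_ifaces CONF: number of distinct ifconfig_<if>= lines that
# assign an inet address. Alias lines (ifconfig_<if>_alias<n>) are not
# counted, because an alias does not add a second physical NIC.
count_inet_ifaces() {
    printf '%s\n' "$1" | grep -c '^ifconfig_[a-z0-9]*="inet '
}

# check_gateway_rc CONF: print every problem found; return 0 only if the
# config has forwarding, the firewall, natd and two configured NICs, and
# natd is bound to an interface that actually has an ifconfig_ entry.
check_gateway_rc() {
    conf="$1"
    status=0
    for want in 'gateway_enable="YES"' 'firewall_enable="YES"' \
                'natd_enable="YES"' 'natd_interface='; do
        if ! printf '%s\n' "$conf" | grep -q -F "$want"; then
            echo "missing: $want"
            status=1
        fi
    done
    n=$(count_inet_ifaces "$conf")
    if [ "$n" -lt 2 ]; then
        echo "need two NICs (outside + inside), found $n configured"
        status=1
    fi
    natif=$(printf '%s\n' "$conf" | sed -n 's/^natd_interface="\([^"]*\)".*/\1/p')
    if [ -n "$natif" ] && ! printf '%s\n' "$conf" | grep -q "^ifconfig_${natif}="; then
        echo "natd_interface $natif has no ifconfig_${natif} entry"
        status=1
    fi
    return $status
}

# Run the check against both constructed configs.
check_gateway_rc "$SAMPLE_RC_CONF" && echo "sample config: OK"
check_gateway_rc "$BROKEN_RC_CONF" || echo "broken config: rejected"
```

The check only inspects rc.conf text; it does not prove that the outside NIC is the one plugged into the DSL box, so after fixing the file the usual confirmation is `sysctl net.inet.ip.forwarding` reporting 1 and `ifconfig -a` showing the public and 172.16.0.1 addresses on different interfaces.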