Date: Fri, 23 Feb 2001 14:12:21 -0600
From: Lucas Bergman
To: "G. Jason Middleton"
Cc: freebsd-questions@freebsd.org
Subject: Re: setting up a firewall (Was: dual homed host)
Message-ID: <20010223141221.D28130@billygoat.slb.to>
Reply-To: lucas@slb.to
In-Reply-To: ; from gmiddl1@gl.umbc.edu on Fri, Feb 23, 2001 at 01:58:51PM -0500

> i am setting up a firewall and i have been battling with getting the
> damn things to work together.. i am using sysinstall to change the
> ip addys and the dns entries and the mask etc etc. I set de0 up
> for the live ip (internet ip from my ISP) and i set up dc0 with the
> dead ip (192.168.0.1 or 192.168.0.2) not sure which one i should
> use.

It doesn't matter. Conventionally, though, the packet router (as this
machine will be) on a class C net has its last octet set to 1.

> SO when i am setting up dc0 what should i set the dns entry to?

I'm not sure what you mean. Do you mean that you have your own DNS
server and you want to give the address on dc0 an entry (an "A"
record)? Do you mean to ask what address you should give as your DNS
server? In fact, the answer to the second question depends on the
answer to the second, so please try to clarify this.

> And what should i set the gateway to? Can they be on the same
> subnet?

The "gateway" ("default route" might be a better way of putting it) on
the firewall machine should be set to the address given to you by your
ISP, which is certainly on the same subnet as the routable address you
have (on de0).

> Info would be appreciated and yes i am already reading the handbook
> and also Greg Lehey's book as well as O'Reilly's tcp/ip for network
> administrators.

Good man. Of course, if you have any other machines inside the
firewall, you'll want to set up natd; the man page (natd(8)) is quite
good.

Lucas
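
Added example, not part of the original message: a small sh check for the rc.conf of the dual-homed gateway discussed above, verifying that the default route lies on the outside interface's subnet and that forwarding, ipfw and natd are switched on. The rc.conf contents and the 203.0.113.x addresses are constructed, the function names are hypothetical, and the knob names are the standard FreeBSD rc.conf ones.

```shell
# Constructed sample rc.conf; 203.0.113.0/24 is a documentation range.
SAMPLE_RC='ifconfig_de0="inet 203.0.113.10 netmask 255.255.255.0"
ifconfig_dc0="inet 192.168.0.1 netmask 255.255.255.0"
defaultrouter="203.0.113.1"
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="de0"'

# rc_get TEXT NAME: print the value of NAME="..." (last one wins, empty if unset)
rc_get() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\\(.*\\)\"\$/\\1/p" | tail -n 1
}
# ip_to_int A.B.C.D: print the dotted quad as one integer
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
# same_subnet IP1 IP2 MASK: succeed if both addresses are on the same network
same_subnet() {
    m=$(ip_to_int "$3")
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}
add() { out="${out:+$out }$1"; }    # append one finding to the result
# check_gateway TEXT OUTSIDE_IF: print "ok" or a space-separated list of findings
check_gateway() {
    rc=$1; ext=$2; out=""
    set -- $(rc_get "$rc" "ifconfig_$ext")    # inet ADDR netmask MASK
    addr=${2:-}; mask=${4:-}
    gw=$(rc_get "$rc" defaultrouter)
    if [ -z "$addr" ] || [ -z "$mask" ] || [ -z "$gw" ]; then
        add "missing-address-or-defaultrouter"
    elif ! same_subnet "$addr" "$gw" "$mask"; then
        add "defaultrouter-off-subnet"
    fi
    # natd receives packets through an ipfw divert rule, so ipfw must be on too.
    for knob in gateway_enable firewall_enable natd_enable; do
        case $(rc_get "$rc" "$knob") in
            [Yy][Ee][Ss]) ;;
            *) add "$knob-not-YES" ;;
        esac
    done
    [ "$(rc_get "$rc" natd_interface)" = "$ext" ] || add "natd_interface-not-$ext"
    echo "${out:-ok}"
}

check_gateway "$SAMPLE_RC" de0    # prints: ok
```

On a real gateway, pass the contents of /etc/rc.conf and the name of the interface that holds the ISP-assigned address.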