Date: Sat, 16 Mar 2002 08:43:47 +1100
From: Mark Hannon <markhannon@optushome.com.au>
To: dimebar65@hotmail.com, freebsd-questions@freebsd.org
Subject: Re: natd router with 3 NICs
Message-ID: <3C926B13.61863B67@optushome.com.au>
References: <F46kWHZqYW8BYXifWoq00004491_hotmail.com@ns.sol.net>

> I now want to add another network card to the machine to serve another lan
> (10.*). I want the FBSD machine to forward all traffic between the lans and
> provide NAT access through the cable modem to each. i.e.
>
> What ipfw rules do I need to do this?

Well that depends upon what you have today ... basically you should
treat the 10.* subnet in the same manner that you treat your existing
RFC1918 subnet, i.e. if you have an 'internal' set of filter statements
for 192.168.* then you should add an equivalent set for the 10.*
addresses.

In cases where I have done this I generally set this up on a per
interface basis, a fragment of my ipfw setup file shows this:

# Define inside, outside and ppp interface
iif="rl0"
oif="rl1"
#iif_extra1="ed0"
#iif_extra2="ed1"
pppif="tun0"

# Allow traffic via inside interface
${fwcmd} add 400 allow ip from any to any via ${iif}
#${fwcmd} add 401 allow ip from any to any via ${iif_extra1}
#${fwcmd} add 402 allow ip from any to any via ${iif_extra2}

# Allow traffic via ppp interface
${fwcmd} add 500 allow ip from any to any via ${pppif}

As can be seen, ipfw does NO filtering of the internal cards. This suits
me but may not be appropriate for your network.

/mark
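
For a network where unfiltered inside interfaces are not appropriate, the per-interface layout above can carry a source check for each LAN. The following is an added example, not part of the original message or the poster's setup file: the function name inside_rules, the pairing of rl0 with 192.168.0.0/16 and ed0 with 10.0.0.0/8, and the deny rules are assumptions for illustration. It prints the ipfw commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the original message): dry-run generator for
# per-interface ipfw rules. rl0/ed0 and rule number 400 follow the fragment
# in the message; subnet pairings and the deny rules are assumptions.

# Default is a dry run that only prints; set fwcmd=/sbin/ipfw to apply.
fwcmd="${fwcmd:-echo ipfw}"

# inside_rules START_NUM "interface:network/bits" ...
# For each inside interface, first drop packets received on it whose source
# is outside that LAN's subnet, then allow the remaining traffic via it.
inside_rules() {
    num="$1"; shift
    for pair in "$@"; do
        case "$pair" in
            *:*/*) ;;                               # well-formed entry
            *) echo "bad entry: $pair" >&2; return 1 ;;
        esac
        ifname="${pair%%:*}"
        subnet="${pair#*:}"
        # Anti-spoofing: a 10.* source must never arrive on the 192.168.* card
        ${fwcmd} add "$num" deny ip from not "$subnet" to any in recv "$ifname" || return 1
        num=$((num + 1))
        # Same allow rule as in the message, one per inside interface
        ${fwcmd} add "$num" allow ip from any to any via "$ifname" || return 1
        num=$((num + 9))                            # next interface: next block of ten
    done
}

# Constructed sample input: the two LANs from the thread.
inside_rules 400 rl0:192.168.0.0/16 ed0:10.0.0.0/8
```

The deny rule must carry a lower number than the allow rule for the same interface, because ipfw stops at the first matching rule.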