Date: Sun, 1 Aug 2004 14:41:09 +0530
From: "Subhro" <subhro@mailblocks.com>
To: <freebsd-questions@freebsd.org>
Subject: Gateway Setup
Message-ID: <subhro-0OUzoAUezrfAxoY%2B7f/z1B0Uh0NdSj2@mailblocks.com>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAAez9swEod0qC1G/hDF8vPMKAAAAQAAAAqCHKPowa2ESKCZBxfjfe3gEAAAAA@mailblocks.com>

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Subhro
Sent: Sunday, August 01, 2004 14:28
To: freebsd-questions@freebsd.org
Subject: Gateway Setup

Greetings,

I am facing a problem in setting up my gateway, so I am asking for help. Let me describe my setup. My ISP gateway is *.*.144.49. I am assigned a few static IPs:

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway. I have currently laid out my network as:

------------                         ---------------                         -------------
|          |                         |             |                         |           |
|   ISP    |*.*.144.49               | FreeBSD Box |*.*.147.229              |   Linux   |
| GATEWAY  |-------------------------|             |-------------------------|    NAT    |
|          |               *.*.144.54|             |              *.*.147.230|           |
------------                         ---------------                         -------------
                                                                                   | 172.16.0.1
                                                                                   |
                                                                                   |
                                                                                   | 172.16.0.200
                                                                             -------------
                                                                             |           |
                                                                             | LAN Host  |
                                                                             |           |
                                                                             -------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118 netmask 255.255.255.252"
ifconfig_sis0="inet 61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"                   # replaces obsolete kernel option ARP_PROXYALL.
firewall_script="/etc/rc.firewall"   # Which script to run to set up the firewall
ip_portrange_first="10000"           # Set first dynamically allocated port
ip_portrange_last="20000"            # Set last dynamically allocated port
tcp_drop_synfin="YES"                # Set to YES to drop TCP packets with SYN+FIN
icmp_drop_redirect="YES"             # Set to YES to ignore ICMP REDIRECT packets

I have still not configured the firewall. I would be highly obliged if anyone could help me by telling me what I am missing. Another point to be taken care of is that a couple of systems inside the LAN have a public IP. For example, one of the hosts has an IP of *.*.144.82. I am not allowed to mess with the Linux NAT box in any way because of some preinstalled commercial software solutions. However, I can change the IPs of the NAT box if necessary. Please help me out.

Thanks and Best Regards
Subhro

Sorry, the figure got messed up. Actually, what I meant is:

The ISP gateway is *.*.144.49.

The FreeBSD router is supposed to have two interfaces, one with the IP *.*.144.54, which is in the next hop of the ISP gateway. The other interface is *.*.147.229. This interface is supposed to have the packets filtered from *.54. The interface is connected to a Linux NAT box having one interface, *.*.147.230, and another interface connected to the LAN, 172.16.0.1. I am not allowed to play with the NAT box. Another point to be taken care of is that the LAN contains a couple of hosts which are assigned a public IP statically.

Could anyone help me set up the above network, please?

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?subhro-0OUzoAUezrfAxoY%2B7f/z1B0Uh0NdSj2>