Date: Wed, 30 Aug 2000 20:01:52 +1100
From: Chris Pauly <l@binkyware.com>
To: John <papalia@udel.edu>, freebsd-questions@FreeBSD.ORG
Subject: Re: Firewall solutions?
Message-ID: <4.2.2.20000830194944.00abf650@bsd>
In-Reply-To: <4.3.1.2.20000827102920.00ac5aa0@mail.udel.edu>
References: <4.2.2.20000828003335.00aa2a30@bsd>

At 10:31 27/08/2000 -0400, John wrote:
><snip>
>
>This solution seems like it should work, but you don't really provide any
>details on your configuration and how it was 'messy' or how it ruined the
>routing... You might want to check out www.mostgraveconcern.com and check
>out the article on setting up a Dual-Homed machine (it's under the
>'Advanced Topics' listing on the left frame). Without setting up your FBSD
>to handle NAT (for your 192. box), and a firewall, AND to act as a
>gateway, it would seem that nothing would work right =)
>
>Hope that helps,
>John

Hi John,

I can't really remember how I had it set up before. It was something like:
I'm in the 255.255.240.0 subnet for my ISP and I had 2 subnet-less IPs, so I
just pretended I had 255.255.255.240 (both of my IPs fortunately fell into
this), but I couldn't reach any of the other IPs in that subnet, just my 2.

I don't think I was clear before on what I wanted, so I'll just go into a
little more depth. Here's a diagram of what I've got now:

(fixed width font needed for this)

        internet (default gateway = 1.2.32.1, netmask 255.255.240.0)
           |
        cable modem
           |
       (bridged)
FreeBSD (1.2.43.156)---+
(alias 192.168.1.1)    |
                     switch
                       |  |
Windows (1.2.43.159)------+  |
                             |
Windows (192.168.1.2)-------+

What I want is all the computers firewalled using the FreeBSD box, I want
masquerading for the 192.168.1.2 computer, I want a smtpd/popd/squid etc. on
FreeBSD, and I want a Microsoft network (i.e. network logons + shared drives).

At the moment it's all working except two things:

* network logons (broadcast packets aren't working)
* proper firewalling (all the data coming out of FreeBSD, whether it's to my
  cable modem or LAN, goes out rl0 (the NIC connected to my cable modem)).

I was thinking maybe I'll just have to move the FreeBSD box from the uplink on
the switch to just a normal port and then have a new computer on the uplink
which is just a pure bridged firewall. But then I don't even know if that'll
do the job properly/easily because all the data seems to go out rl0 on the
bridge, no matter what direction it's actually going. Why does the bridge have
to do this? Or am I missing something?

And I want to avoid having to buy another computer. It's been suggested that a
2nd hand p150 or something would be good, but I don't like 2nd hand
equipment. =) The lowest I'd opt for is a brand new k6-2 box. But then I don't
even know if that'll work. Would it?

And should I even be using the uplink on my switch? I'm unsure as to its exact
use, it just seems like the right port to be using given its name.

Thanks in advance,
Chris

PS: I couldn't find that article you told me of - just a bunch of quotes.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message