Date:      Wed, 30 Aug 2000 20:01:52 +1100
From:      Chris Pauly <l@binkyware.com>
To:        John <papalia@udel.edu>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Firewall solutions?
Message-ID:  <4.2.2.20000830194944.00abf650@bsd>
In-Reply-To: <4.3.1.2.20000827102920.00ac5aa0@mail.udel.edu>
References:  <4.2.2.20000828003335.00aa2a30@bsd>

At 10:31 27/08/2000 -0400, John wrote:
><snip>
>
>This solution seems like it should work, but you don't really provide any 
>details on your configuration and how it was 'messy' or how it ruined the 
>routing...  You might want to check out www.mostgraveconcern.com and check 
>out the article on setting up a Dual-Homed machine (it's under the 
>'Advanced Topics' listing on the left frame). Without setting up your FBSD 
>to handle NAT (for your 192. box), and a firewall, AND to act as a 
>gateway, it would seem that nothing would work right =)
>
>Hope that helps,
>John

Hi John,

I can't really remember how I had it set up before. It was something like: 
I'm in the 255.255.240.0 subnet for my ISP and I had 2 subnet-less IPs, so 
I just pretended I had 255.255.255.240 (both of my IPs fortunately fell 
into this), but I couldn't reach any of the other IPs in that subnet, just 
my 2.

I don't think I was clear before on what I wanted so I'll just go into a 
little more depth. Here's a diagram of what I've got now: (fixed width font 
needed for this)

internet
(default gateway = 1.2.32.1, netmask 255.255.240.0)
    |
  cable
  modem
    |
(bridged)
FreeBSD (1.2.43.156)---+
   (alias 192.168.1.1)  |
                        switch
                           | |
Windows (1.2.43.159)------+ |
                             |
Windows (192.168.1.2)-------+


What I want is all the computers firewalled using the FreeBSD box, I want 
masquerading for the 192.168.1.2 computer, I want a smtpd/popd/squid etc on 
FreeBSD, and I want a Microsoft network (ie: network logons + shared drives).

At the moment it's all working except two things:
* network logons (broadcast packets aren't working)
* proper firewalling (all the data coming out of FreeBSD, whether it's to my 
cable modem or LAN, goes out rl0 (the NIC connected to my cable modem)).

I was thinking maybe I'll just have to move the FreeBSD from the uplink on 
the switch to just a normal port and then have a new computer on the uplink 
which is just a pure bridged firewall. But then I don't even know if 
that'll do the job properly/easily because all the data seems to go out 
rl0 on the bridge, no matter what direction it's actually going. Why does 
the bridge have to do this? Or am I missing something?

And I want to avoid having to buy another computer. It's been suggested 
that 2nd hand p150 or something would be good, but I don't like 2nd hand 
equipment. =) The lowest I'd opt for is a brand new k6-2 box.

But then I don't even know if that'll work. Would it?

And should I even be using the uplink on my switch? I'm unsure as to its 
exact use, just seems like the right port to be using given its name.

Thanks in advance,

Chris

PS: I couldn't find that article you told me of - just a bunch of quotes.



