Date: Wed, 10 Oct 2001 10:19:09 +0200
From: "Patrick O'Reilly" <patrick@mip.co.za>
To: "John Holstein, IS" <jholstein@cnpapers.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: Firewall Ques: multiple subnets over a single ethernet card
Message-ID: <NDBBIMKICMDGDMNOOCAIGEGMDKAA.patrick@mip.co.za>
In-Reply-To: <5.1.0.14.2.20011009160239.041ef090@pop.cotse.com>

> -----Original Message-----
> From: John Holstein, IS
> Sent: 09 October 2001 22:06
> To: freebsd-questions@FreeBSD.ORG
> Subject: Firewall Ques: multiple subnets over a single ethernet card
>
>
> Say I have a few subnets pointed to one single FreeBSD box for a
> firewall.
> I want all of these subnets,
> 192.x.x.x to be gate'd over to the second nic on the freebsd box. I have
> the firewall setup on the box and it will allow a single subnet, say
> 192.168.10.x to pass, but it won't allow say, 192.169.x.x to pass.
>
> What's the best way to get this routed across the box?
>
> John Holstein
>

John, your details are a little scanty. Please fill in where I go wrong on
my assumptions:

1) I'm assuming you have, say, 3 subnets on 3 NICs using 192.168.1.x, and
192.168.2.x and 192.168.3.x (or something similar).

2) I'm assuming your 4th NIC hooks into your external link via a router (or
something similar).

On the FreeBSD box you should set your default route to the IP down the line
on NIC 4.

On each subnet, the various hosts will have their default route set to the
IP of the NIC on the same subnet on the FreeBSD box.

In ipfw (again - I assume that's what you're using) you could have something
like:

    # ipfw add $rulenum allow ip from 192.168.0.0/16 to any out via $NIC4

I think the "/16" above might be the trick you're looking for. It
represents a subnet mask of 255.255.0.0. This effectively allows all IPs
from 192.168.0.0 to 192.168.255.255 to match the rule in my example.

I hope that helps. You'll need to give more specific details if this
doesn't answer your question.

Patrick.
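
The prefix match described in the reply above, as an added example that is not part of the original message: it checks which subnets a rule's source prefix covers, finds the smallest single prefix that would cover all of them, and reports how much of that prefix lies outside RFC 1918 private space. The /24 and /16 masks given to the subnets from the question are assumptions, since the question only gives "192.168.10.x" and "192.169.x.x".

```python
import ipaddress

# RFC 1918 private ranges; only 192.168.0.0/16 is private within 192.0.0.0/8.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def covered_by(rule_src, subnets):
    """Map each subnet to True if all of its addresses match the rule prefix."""
    rule = ipaddress.ip_network(rule_src)
    return {s: ipaddress.ip_network(s).subnet_of(rule) for s in subnets}

def smallest_cover(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()  # widen the mask by one bit
    return cover

def non_rfc1918_part(net):
    """Ranges inside `net` that are not RFC 1918 private address space."""
    remaining = [ipaddress.ip_network(net)]
    for priv in RFC1918:
        kept = []
        for r in remaining:
            if r.subnet_of(priv):
                continue                      # entirely private, drop it
            if priv.subnet_of(r):
                kept.extend(r.address_exclude(priv))
            else:
                kept.append(r)
        remaining = kept
    return sorted(remaining)

if __name__ == "__main__":
    # Constructed subnet list; masks are assumed, see lead-in.
    subnets = ["192.168.1.0/24", "192.168.10.0/24", "192.169.0.0/16"]
    for net, ok in covered_by("192.168.0.0/16", subnets).items():
        print(f"{net:18} matches 'from 192.168.0.0/16': {ok}")
    cover = smallest_cover(subnets)
    print("smallest single prefix covering all:", cover)
    print("non-private space that prefix would also allow:",
          [str(n) for n in non_rfc1918_part(cover)])
```

Widening the source prefix until 192.169.x.x matches also admits addresses outside private space, so a second, narrower allow rule for that range is the tighter choice when those hosts really exist on the inside.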