Date:      Sun, 10 Dec 2000 21:31:42 -0500 (EST)
From:      Chris Hill <chris@monochrome.org>
To:        Sean Peck <speck@newsindex.com>
Cc:        Jonathan Chen <jonathan.chen@itouch.co.nz>, freebsd-questions@FreeBSD.ORG
Subject:   Re: Configuring Gateway/NAT on Freebsd
Message-ID:  <Pine.BSF.3.96.1001210211341.44937B-100000@localhost>
In-Reply-To: <Pine.BSF.4.10.10012101758210.5938-100000@www.newsindex.com>

On Sun, 10 Dec 2000, Sean Peck wrote:

> Well the connection is permanent, not PPP.  (DSL)  The box has 1 physical
> NIC, I have it configured to the PUBLIC IP, and aliased to 172.16.0.1 as
> well...

Whoops, your message came in while I was typing the previous one. Sorry.

When you speak of "the PUBLIC IP," you seem to be saying that you have
only one IP address that belongs to you. This is consistent with the
need to NAT.

> So, in theory at least it should be answering to both addresses, I have tun0
> linking the 172.16.0.1 to the public space (I believe this is what I have
> to do)

Um, no. As Jonathan says, you need two ethernet cards (assuming your DSL
works like mine does). One of them connects to the outside world as
PUBLIC IP, and the other connects to the inside world, typically with an
RFC1918 IP address (you seem to have chosen 172.16.0.1). 

tun0 is the name for the userland PPP interface. If your DSL works like
mine does, you have a DSL phone line coming into the building; it goes
to a box, and the other side of that box is an RJ45 ethernet jack. This
is your "outside" network connection; the second ethernet card in the
gateway machine is your "inside" connection. No PPP involved unless
you're forced to use PPPoE or some such nonsense. 

> I assume that my other boxes, should be pointing to 172.16.0.1 as their
> default router and be in the 172.16.0.x space... 

Correct.

> I have the public space entry for the single NIC card pointing to the
> default router up in the ISP space... 

I don't know enough about networking to tell you exactly why this can't
work, but I'm pretty sure it can't. Ethernet cards are cheap; is it
worth this amount of trouble to save a measly few pence?

> On Mon, 11 Dec 2000, Jonathan Chen wrote:
> 
> > On Sun, Dec 10, 2000 at 05:24:50PM -0800, Sean Peck wrote:
> > [...]
> > >   I have the NIC listening to both IP's at least in theory, 172.16.0.1 and
> > > my public space IP... I assume that it must be listening there as well...
> > > perhaps incorrectly.
> > 
> > For a firewall, you need to have 2 NICs. One for your i/f to the 'Net,
> > and one for your i/f to your internal network. Think of a stream of
> > information that must pass in thru' your f/w rules before it can go out
> > thru' the second i/f to your internal network.
> > 
> > If your i/f to the 'Net is a dial-up ppp link, you set up ppp to
> > handle nat with a -nat option, instead of using 'natd'.
> > -- 
> > Jonathan Chen <jonathan.chen@itouch.co.nz>

--
Chris Hill               chris@monochrome.org
[1]    Bus error                     netscape
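
Added example (not part of Chris's or Jonathan's messages): a script that emits the
/etc/rc.conf lines and the ipfw(8) ruleset for the two-NIC natd gateway the thread
describes, with the outside NIC on the DSL modem and the inside NIC on 172.16.0.1.
The interface names fxp0/fxp1, the public address 203.0.113.10, the ISP router
203.0.113.1 and the ruleset path are assumptions; override them from the environment.
It refuses the one-NIC layout Sean started from, since natd's divert rule keys on the
outside interface name, and it adds the anti-spoofing and default-deny rules that the
stock "open" firewall type leaves out.

```shell
#!/bin/sh
# Added example, not from the thread: emit the FreeBSD 4.x rc.conf lines and an
# ipfw(8) ruleset for a two-NIC natd gateway. Interface names, the public
# address and the ISP router are placeholders (assumptions); override them.
EXT_IF="${EXT_IF:-fxp0}"                 # assumed: NIC on the DSL box's RJ45 jack
INT_IF="${INT_IF:-fxp1}"                 # assumed: NIC on the inside switch
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"   # assumed placeholder for the ISP-assigned address
PUBLIC_MASK="${PUBLIC_MASK:-255.255.255.0}"
ISP_GW="${ISP_GW:-203.0.113.1}"          # assumed: the ISP's router
INT_IP="172.16.0.1"                      # the inside address chosen in the thread
INT_NET="172.16.0.0/24"

# natd is bound to "via $EXT_IF"; with a single NIC the inside traffic would be
# diverted too, so refuse that layout instead of emitting a broken ruleset.
check_ifaces() { [ "$1" != "$2" ]; }

# /etc/rc.conf fragment: IP forwarding on, ipfw loading our rules file, natd on
# the outside NIC. Kernel needs options IPFIREWALL and IPDIVERT.
rc_conf() {
    cat <<EOF
ifconfig_$EXT_IF="inet $PUBLIC_IP netmask $PUBLIC_MASK"
ifconfig_$INT_IF="inet $INT_IP netmask 255.255.255.0"
defaultrouter="$ISP_GW"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
natd_enable="YES"
natd_interface="$EXT_IF"
EOF
}

# /etc/ipfw.rules: one rule per line, handed to ipfw(8) by rc.firewall.
# Order matters: the divert is evaluated before any allow on $EXT_IF, so later
# rules see translated addresses (outbound source = $PUBLIC_IP, inbound replies
# already rewritten to their 172.16.0.x destination). Anything else hits the
# final deny.
ipfw_rules() {
    cat <<EOF
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
# anti-spoofing: private or inside-net sources must never arrive from the DSL side
add 200 deny log ip from 10.0.0.0/8 to any in via $EXT_IF
add 201 deny log ip from 172.16.0.0/12 to any in via $EXT_IF
add 202 deny log ip from 192.168.0.0/16 to any in via $EXT_IF
# translation point for everything crossing the outside interface
add 300 divert natd ip from any to any via $EXT_IF
# outbound: after natd the source is the public address (gateway or inside hosts)
add 400 allow ip from $PUBLIC_IP to any out via $EXT_IF
# inbound replies that natd has mapped back to inside hosts
add 500 allow tcp from any to $INT_NET in via $EXT_IF established
add 501 allow udp from any to $INT_NET in via $EXT_IF
add 502 allow icmp from any to $INT_NET in via $EXT_IF icmptypes 0,3,11
# inbound to the gateway itself: replies to its own connections and DNS answers only
add 510 allow tcp from any to $PUBLIC_IP in via $EXT_IF established
add 511 allow udp from any 53 to $PUBLIC_IP in via $EXT_IF
add 512 allow icmp from any to $PUBLIC_IP in via $EXT_IF icmptypes 0,3,11
add 599 deny log ip from any to any in via $EXT_IF
# inside: only the inside net may talk through $INT_IF; spoofed sources fall through
add 600 allow ip from $INT_NET to any in via $INT_IF
add 601 allow ip from any to $INT_NET out via $INT_IF
add 65000 deny log ip from any to any
EOF
}

check_ifaces "$EXT_IF" "$INT_IF" || {
    echo "inside and outside must be different NICs" >&2; exit 1; }
echo "# ---- append to /etc/rc.conf ----"
rc_conf
echo "# ---- /etc/ipfw.rules ----"
ipfw_rules
```

Review the output before installing it: the inbound rules deliberately open nothing
toward the inside hosts that natd has not already mapped, so any service you later
want reachable from outside needs an explicit natd -redirect_port plus a matching
allow rule, and the "deny log" rules only log if the kernel has IPFIREWALL_VERBOSE.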
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1001210211341.44937B-100000>