Date:      Mon, 29 Jan 2001 22:45:48 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        mharding@marketnews.com
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: My FreeBSD Firewall
Message-ID:  <20010129224547.E91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <980823114.3a762c4a041fa@mail.marketnews.com>; from mharding@marketnews.com on Mon, Jan 29, 2001 at 09:51:54PM -0500
References:  <980823114.3a762c4a041fa@mail.marketnews.com>

On Mon, Jan 29, 2001 at 09:51:54PM -0500, mharding@marketnews.com wrote:
> Hello.  I am building a Firewall and have some questions about how to implement 
> it.  The basic firewall is a FreeBSD box running squid for transparent proxy, 
> IPFW for dummynet to rate limit SYNs, and IPF as my main stateful packet
> filter.  The problem I have is with putting this into production.  I have a T1
> to the internet, the router's IP address is 172.16.1.1 (well not really but it
> works for the example) and all of the computers on the LAN are in the 172.16.1.0
> (once again..only for the example) network.  So here I get to the 
> question....is there any way to set the firewall with the same IP address as 
> the router to make the install fairly transparent to the users?  Could I set 
> the firewall up as 172.16.1.1 and use NAT to let it communicate with the router 
> for internet traffic?  How would I set up my routing tables?  Also if anyone 
> has any input as far as how I am building my firewall that would be very 
> appreciated.

Easy. Put an RFC1918 LAN in between the router and firewall,

                                                            {
 Router:192.168.100.1---192.168.100.2:Firewall:172.16.1.1---{ 172.16.1.0/xx
                                                            {

Just change the internal address of the router and add the route (in
route(8) syntax),

  route add net 172.16.1.0/xx 192.168.100.2

No need for NAT or anything wack like that.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
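
Added example, not part of the original message: a small longest-prefix-match model of the topology above, showing that the single static route on the router is what lets return traffic reach the LAN through the firewall without NAT. The /24 and /30 prefix lengths, the sample host addresses, and the "upstream" label for the router's default route are assumptions.

```python
import ipaddress

# Assumptions, not from the original message: the LAN is a /24 (the post
# leaves the prefix length as "xx"), the transit LAN is a /30, and
# "upstream" stands for the router's T1 default route.
LAN = "172.16.1.0/24"
TRANSIT = "192.168.100.0/30"
ROUTER_IP = "192.168.100.1"
FIREWALL_OUTSIDE_IP = "192.168.100.2"


def build_tables(with_static_route=True):
    """Routing tables as {node: [(prefix, next_hop)]}; None means connected."""
    router = [(TRANSIT, None), ("0.0.0.0/0", "upstream")]
    if with_static_route:
        # The route from the message: LAN prefix via the firewall.
        router.append((LAN, FIREWALL_OUTSIDE_IP))
    firewall = [(TRANSIT, None), (LAN, None), ("0.0.0.0/0", ROUTER_IP)]
    return {"router": router, "firewall": firewall}


def next_hop(table, dst):
    """Longest-prefix match: gateway, 'direct' if connected, None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        return None
    return best[1] if best[1] is not None else "direct"


if __name__ == "__main__":
    good = build_tables()
    bad = build_tables(with_static_route=False)
    lan_host, internet_host = "172.16.1.50", "203.0.113.10"  # constructed
    print("firewall -> internet:", next_hop(good["firewall"], internet_host))
    print("router -> LAN host  :", next_hop(good["router"], lan_host))
    print("router, no route    :", next_hop(bad["router"], lan_host))
```

Without the static route, the router's only match for a LAN address is its default route, so replies would head back out the T1 instead of to the firewall.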

