Date: Mon, 29 Jan 2001 22:45:48 -0800 From: "Crist J. Clark" <cjclark@reflexnet.net> To: mharding@marketnews.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: My FreeBSD Firewall Message-ID: <20010129224547.E91447@rfx-216-196-73-168.users.reflex> In-Reply-To: <980823114.3a762c4a041fa@mail.marketnews.com>; from mharding@marketnews.com on Mon, Jan 29, 2001 at 09:51:54PM -0500 References: <980823114.3a762c4a041fa@mail.marketnews.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 29, 2001 at 09:51:54PM -0500, mharding@marketnews.com wrote: > Hello. I am building a Firewall and have some questions about how to implement > it. The basic firewall is a FreeBSD box running squid for transparent proxy, > IPFW for dummynet to rate limit syn's, and IPF as my main statefull packet > filter. The problem I have is with putting this into production. I have a T1 > to the internet, the routers IP address is 172.16.1.1(well not really but it > works for the example) and all of the computers on the LAN are in the 172.16.1.0 > (once again..only for the example) network. So here I get to the > question....is there any way to set the firewall with the same IP address as > the router to make the install fairly transparent to the users? Could I set > the firewall up as 172.16.1.1 and use NAT to let it communicate with the router > for internet traffic? How would I set up my routing tables? Also if anyone > has any input as far as how I am building my firewall that would be very > appreciated. Easy. Put a RFC1918 LAN in between the router and firewall, { Router:192.168.100.1---192.168.100.2:Firewall:172.16.1.1---{ 172.16.1.0/xx { Just change the internal address of the router and add the route (in route(8) syntax), route add net 172.16.1.0/xx 192.168.100.2 No need for NAT or anything wack like that. -- Crist J. Clark cjclark@alum.mit.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010129224547.E91447>