Date:      Wed, 27 Feb 2002 17:03:01 -0600
From:      "Hamilton Hoover" <hamilton.hoover@onebox.com>
To:        freebsd-questions@FreeBSD.ORG
Cc:        hhoover@724.com
Subject:   natd & ipfw config with 5 NICS
Message-ID:  <20020227230301.SZCZ29423.mta06.onebox.com@onebox.com>

Hi all,

I'm setting up a site that I'd like to have four separate networks
connected through a single gateway/firewall with five network interfaces.

Two Public (real IPs) interfaces on the same network with different IPs
realIP1
realIP2

Three Private (fake IPs) interfaces on three separate networks
192.168.1
192.168.2
192.168.3

I want to break it down into two groups

site1
realIP1 --> 192.168.1

This is the only one I currently have running and it works fine. I
basically allow ftp, http, https. I am using redirect_port for the
protocols I want to allow in. I will change to redirect_address when I
add site 2.

site2
realIP2 --> 192.168.2
realIP2 --> 192.168.3

On this site I want to allow traffic for web to the DMZ 192.168.2 and
dns to 192.168.3. I also want to allow certain traffic from 192.168.3
--> 192.168.2. I am unsure if I can have multiple nat devices and will a
second nat'ed device conflict with the one from site1?

There are no outbound restrictions and I'm using ipfw for firewalling.
All of the 192.168 will need to send packets to the internet.

So is it possible to list more than one nat interface? Is there a better
way to do what I want here and keep three private nets?

I'm currently running FreeBSD 4.4-RELEASE

tia!
Hamilton






