Date:      Fri, 30 Jun 2000 13:20:35 -0500
From:      "Hyunseog Ryu" <HRyu@norlight.com>
To:        <jeff@digiman.org>
Cc:        freebsd-questions@FreeBSD.ORG, owner-freebsd-questions@FreeBSD.ORG
Subject:   Re: Dual Nic Firewall Configuration Woes
Message-ID:  <OF0F513E0E.2D682DFF-ON8625690E.006408C1@norlight.com>


Hi, Jeff

Do you want to use this machine as a firewall?
If so, you have to give a different subnet to each of the two NICs.
In the example, you use 10.10.10.34 for de0 and 10.10.10.35 for de1.
If you assign IP addresses that belong to the same subnet, the kernel
only recognizes one interface.

                  Internet
                     |
                   Router
         10.10.10.33 /255.255.255.224
                     |
      ---------------+---------------   10.10.10.32/27 network
                     |
             10.10.10.34 (de0)
                  Machine
             10.10.10.35 (de1)
                     |
      ---------------+---------------   Inside protected network


If somebody sends a packet to your inside protected network from the Internet,
the router will try to send the packet to 10.10.10.35 directly.
It doesn't go through the Machine. ;>
I'm not sure whether I explained it well.
But if you want to use this machine as a firewall,
you have to assign an IP address that is different from the other network
interface in the firewall. ;>


Hyun



From:    <jeff@digiman.org>
Sent by: owner-freebsd-questions@FreeBSD.ORG
To:      <freebsd-questions@FreeBSD.ORG>
cc:      (bcc: Hyunseog Ryu/Brookfield/Norlight)
Subject: Dual Nic Firewall Configuration Woes
Date:    06/30/2000 12:41 PM
Please respond to jeff



Good afternoon FreeBSD'ers

I am in the process of creating a firewall using a
small p-133 with (2) netgear cards (shown as de0 and de1)
and FreeBSD 4.0

I am creating this firewall as a drop-in replacement to an ailing
rackmount appliance firewall.

My problem is as follows:

The subnet mask on the ethernet side of the router is 255.255.255.224
(since there are only a handful of workstations to be secured).
***Note that I am using real IPs, not 10.10.10.x***
***10.10.10.x is for example only***

The current firewall has 10.10.10.34 as the external (non-trusted)
interface and 10.10.10.35 as the trusted side of the interface.  The router
ethernet port is 10.10.10.33 and is configured as the default gateway for the
firewall.

I have tried to configure the Freebsd system as follows:

ifconfig_de0="inet 10.10.10.34 netmask 255.255.255.224"
ifconfig_de1="inet 10.10.10.35 netmask 255.255.255.224"
defaultrouter="10.10.10.33"   # rc.conf(5) variable is defaultrouter, not default_gateway
gateway_enable="yes"

option BRIDGING
has been added to my kernel configuration

Once the system has been rebooted, I can only ping de0.
If I shut down de0 then de1 is pingable, but not both at the same
time.  This, as you can imagine, is very frustrating to the development
of my firewall.  Any help and guidance from anyone familiar with
the design of firewalls using FreeBSD would be very welcome.

thank you in advance.

Jeff
jeff@digiman.org
www.digiman.org







To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF0F513E0E.2D682DFF-ON8625690E.006408C1>