From owner-freebsd-questions  Fri Jun 29  1:26: 7 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from swan.mail.pas.earthlink.net (swan.mail.pas.earthlink.net [207.217.120.123])
	by hub.freebsd.org (Postfix) with ESMTP id 33B7637B406
	for <freebsd-questions@FreeBSD.ORG>; Fri, 29 Jun 2001 01:26:05 -0700 (PDT)
	(envelope-from cjc@earthlink.net)
Received: from blossom.cjclark.org (dialup-209.245.141.202.Dial1.SanJose1.Level3.net [209.245.141.202])
	by swan.mail.pas.earthlink.net (EL-8_9_3_3/8.9.3) with ESMTP id BAA29294;
	Fri, 29 Jun 2001 01:26:03 -0700 (PDT)
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.4/8.11.3) id f5T8Q1k00519;
	Fri, 29 Jun 2001 01:26:01 -0700 (PDT)
	(envelope-from cjc)
Date: Fri, 29 Jun 2001 01:26:01 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Daniel Kelley <dkelley@otec.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: routing ip addresses through a freebsd firewall
Message-ID: <20010629012601.B375@blossom.cjclark.org>
Reply-To: cjclark@alum.mit.edu
References: <Pine.BSF.4.20L2.0106282050190.12239-100000@mx1.hq.ny.otec.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.20L2.0106282050190.12239-100000@mx1.hq.ny.otec.net>; from dkelley@otec.com on Thu, Jun 28, 2001 at 09:20:07PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, Jun 28, 2001 at 09:20:07PM -0400, Daniel Kelley wrote:

[snip]

> problem 1: routing
> 
> i'm unclear on whether or not i need to run routed or gated in order to
> forward the packets addressed to the 5 public ips into the firewall.

No. You don't need them. They would not help.

> i've
> seen a couple of things that suggest you can modify arp parameters in the
> kernel (?), but i'm not sure if this is advisable or not.

man arp

You probably do not need to mess with it anyway.
 
> problem 2: nat
> 
> i'd like to set up simple bi-directional nat and let the ipfilter rules
> handle everything else.  i've tried the following ipnat rules:
> 
> bimap <outside_interface> aa.bb.cc.0/24 -> 10.1.1.0/24
> 
> i'm not sure if i need a bimap in the opposite direction (inside->outside)

Nope.

That said, depending on what you are doing, "rdr" rules in combination
with a "map" rule might be a better choice.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message