Date:      Tue, 25 Jun 2002 16:35:40 -0700
From:      "Corey Snow" <>
Subject:   ipfw, nat and routing
Message-ID:  <3D189BDC.28738.2074C888@localhost>


I'm currently trying to set up a FreeBSD 4.5-RELEASE box as both a 
router and a NAT system. Basically, it has two NICs, and sits between 
my DMZ and my private LAN. The DMZ is connected to the Internet via a 
FreeBSD-based filtering bridge, which works fine.

The DMZ is where I keep my routable IPs, for things like my webserver 
and mail system. On the backside of my NAT firewall, I use RFC1918 
addresses. The outer interface of the NAT firewall has a routable 
address, obviously.

I can get all this to work just fine. However, there's one more thing 
I'd like to add to this: the ability for the NAT firewall to also do 
simple routing between interfaces for my RFC1918 addresses. See, on 
my DMZ, in addition to my external IP addresses, I have used some 
RFC1918 addresses for various purposes, mostly for local 
administration. These RFC 1918 IPs are all in a single Class C. On 
the inside of the NAT firewall, I have another collection of RFC 1918 
addresses, also in their own Class C.

The internal interface of the NAT firewall has an address that is 
within that Class C, as does every other host on the network. The 
external interface of the NAT firewall has both a public IP and a 
private one. The private one is set as an alias.

I'd like my firewall to route packets from my internal private Class 
C to my DMZ one, or if packets are destined for the Internet, to 
perform NAT and pump them out on the public IP.

I can get this working one way, or the other, but not both at once. 
I'm still experimenting, but any suggestions would be helpful. Thanks 
a bunch.


Corey Snow
