Date:      20 Oct 2003 08:48:46 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        g38@rdsbv.ro
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw routing
Message-ID:  <44fzhokrbl.fsf@be-well.ilk.org>
In-Reply-To: <200310181006.21802.g38@rdsbv.ro>
References:  <200310181006.21802.g38@rdsbv.ro>

Petre Bandac <g38@rdsbv.ro> writes:

> I have to use a freebsd machine as a gateway router; I did manage to make natd 
> work, but now I have also a subnet routed to the machine

That sounds fine.  How you handle it will depend on whether you want
outside hosts to be able to initiate connections into that subnet or
not.  If not, it's easy:  you just need '-unregistered_only'.

If you do want full access into those machines, I don't see why
just setting up a route on the gateway machine shouldn't be enough to
just do it on a machine already configured for IP forwarding.  Of
course, you'll need to let the packets through the firewall.

> I'm looking for the ipfw command similar to iptables' -A FORWARD -d $subnet/
> $mask -j ACCEPT

Sorry, I don't use iptables, so that doesn't mean anything to me.

I can guess that it's going to just let in all packets destined for
subnet/mask, but surely you want to do *some* firewalling...

> also, what's the difference between ipfw add pass and ipfw add forward ?

The former accepts a packet for processing by the IP stack, while the
latter bypasses the forwarding portions of the stack.
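
An added example, not part of the original message or of any poster's configuration: one way to let packets into the routed subnet while still doing some firewalling, written as a script that prints the ipfw commands so they can be reviewed before use. The interface names (fxp0, fxp1), the prefix 192.0.2.16/28, the ports and the rule numbers are constructed placeholders; natd is assumed to run with -unregistered_only as suggested above, and rules for the NATed private LAN and the gateway's own traffic are left out.

```sh
#!/bin/sh
# Added example: emit ipfw rules for a public subnet routed behind a gateway
# that also runs natd. All names and numbers here are constructed placeholders.

# valid_cidr NET/LEN: succeed if the argument looks like an IPv4 prefix.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# routed_subnet_rules OUT_IF IN_IF SUBNET [TCP_PORT...]
# Prints the commands; pipe the output to sh on the gateway to apply them.
routed_subnet_rules() {
    oif=$1; iif=$2; net=$3; shift 3
    valid_cidr "$net" || { echo "bad subnet: $net" >&2; return 1; }
    # Traffic on the inside interface is trusted; filtering is done on $oif.
    echo "ipfw add 400 allow ip from any to any via $iif"
    # With -unregistered_only natd rewrites only RFC 1918 source addresses,
    # so packets of the routed subnet come back from the divert unchanged.
    echo "ipfw add 500 divert natd ip from any to any via $oif"
    # Accept packets that belong to a connection recorded by keep-state.
    echo "ipfw add 600 check-state"
    # Hosts in the routed subnet may open connections to the outside.
    echo "ipfw add 700 allow ip from $net to any out via $oif keep-state"
    n=800
    for port in "$@"; do
        # Outside hosts may open connections only to the listed TCP ports.
        echo "ipfw add $n allow tcp from any to $net $port in via $oif setup keep-state"
        n=$((n + 10))
    done
    # Anything else arriving from outside for the subnet is logged and dropped.
    echo "ipfw add 900 deny log ip from any to $net in via $oif"
}

# Constructed sample run: ssh and http reachable from outside, nothing else.
routed_subnet_rules fxp0 fxp1 192.0.2.16/28 22 80
```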


