Date:      Sun, 1 Aug 2004 14:27:39 +0530
From:      "Subhro" <subhro@mailblocks.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Gateway Setup
Message-ID:  <subhro-0EEnoAUGzrfA8hhW19AjnncA5pj8zoe@mailblocks.com>
References:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAAez9swEod0qC1G/hDF8vPMKAAAAQAAAAaORoMQMWH0eCx9xTc5W9NgEAAAAA@mailblocks.com>

Greetings,

I am facing a problem in setting up my gateway so I am asking for help.
Let me describe my setup.

My ISP gateway is *.*.144.49. I am assigned a few static IPs.

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway. I have currently
laid out my network as:


-------------                       ---------------                       -------------
|           |                       |             |                       |           |
|    ISP    |*.*.144.49             | FreeBSD Box |*.*.147.229            |   Linux   |
|  GATEWAY  |-----------------------|             |-----------------------|    NAT    |
|           |             *.*.144.54|             |            *.*.147.230|           |
-------------                       ---------------                       -------------
                                                                                | 172.16.0.1
                                                                                |
                                                                                |
                                                                                |
                                                                                |172.16.0.200
                                                                          --------------
                                                                          |            |
                                                                          |    LAN     |
                                                                          |    Host    |
                                                                          |            |
                                                                          |            |
                                                                          --------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118  netmask 255.255.255.252"
ifconfig_sis0="inet  61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"               # replaces obsolete kernel option ARP_PROXYALL.
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
ip_portrange_first="10000"         # Set first dynamically allocated port
ip_portrange_last="20000"          # Set last dynamically allocated port
tcp_drop_synfin="YES"            # Set to YES to drop TCP packets with SYN+FIN
icmp_drop_redirect="YES"         # Set to YES to ignore ICMP REDIRECT packets

I have still not configured the firewall. I would be highly obliged if
anyone could help me by telling me what I am missing. Another point to be
taken care of is that a couple of systems inside the LAN have a public IP.
For example, one of the hosts has an IP of *.*.144.82. I am not allowed to
mess with the Linux NAT box in any way because of some preinstalled
commercial software solutions. However, I can change the IPs of the NAT box
if necessary. Please help me out.

Thanks and Best Regards

Subhro




