From owner-freebsd-questions Fri Nov 24 3:47:59 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from vexpert.dbai.tuwien.ac.at (vexpert.dbai.tuwien.ac.at [128.130.111.12])
	by hub.freebsd.org (Postfix) with ESMTP id 3577F37B4CF
	for ; Fri, 24 Nov 2000 03:47:56 -0800 (PST)
Received: from [128.130.111.75] (procyon [128.130.111.75])
	by vexpert.dbai.tuwien.ac.at (8.9.3/8.9.3) with ESMTP id MAA12183;
	Fri, 24 Nov 2000 12:47:42 +0100 (MET)
Date: Fri, 24 Nov 2000 12:47:43 +0100 (CET)
From: Toni Pisjak
To:
Cc: , Admin
Subject: RE: ipfw on multiple NICs
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello!

It's a long time ago that you wrote this message, but perhaps you
still remember what you did at that time to set up your firewall.

These days I have the same problem, namely I cannot get the
packages *through* the firewall. They arrive at one NIC, but don't
reach the other NIC, though I tried all the suggestions explained
below.

Were these suggestions sufficient for you, or did you have to do
something additional?

Thanks in advance: Toni.

-------------------------------------------------------------

On Sun, 9 May 1999, daniel B wrote:

> I am in the process of setting up a firewall for my internal Freebsd LAN
> The network looks like this:
>
> Internet-----[ DSL router ]----[ fbsd firewall ]----[ LAN ]
>                               ep1               ep0
>
> I have compiled my kernel for IPFIREWALL_VERBOSE
> Added support for net interface ep1 in kernel
> Enabled ipfw in the /etc/rc.conf
> and I am using the 'simple' rule-set in /etc/rc.firewall to test setup
> All machines (router, firewall and LAN) are on the same subnet /27
> All vital services DNS, HTTP and SMTP are running on the LAN machines
>
> My questions are:
> 1.) What kind of gateway or routing mechanism should I use to force
> incoming packets from the Internet to arrive at ep1 and pass through the
> firewall and to ep0 and to the LAN
>
> 2.) outgoing packets from LAN to pass through ep0, firewall, ep1, router
> and to the Internet.
>
> The LAN concept here is probably misleading because all machines are in
> the same /27 subnet.

Turn 'gateway_enable=YES' on in /etc/rc.conf, configure your interfaces,
add a default route, and you should be set to go.

I would _highly_ suggest saving some cash and setting up natd on the
firewall.

Doug White
Internet:  dwhite@resnet.uoregon.edu    | FreeBSD: The Power to Serve
http://gladstone.uoregon.edu/~dwhite    | www.freebsd.org

--------------------------------------------------------------------

--
Toni Pisjak
Technische Universitaet Wien
pisjak@dbai.tuwien.ac.at
http://www.dbai.tuwien.ac.at

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
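
The checklist in Doug White's reply (gateway_enable, both interfaces configured, a default route, optionally natd) can be checked mechanically when packets reach one NIC but not the other. The following is an added example, not part of the original thread: a POSIX sh audit of an rc.conf-style file. The function names, the sample file and its addresses are constructed for illustration; ep0 and ep1 are the interfaces from the thread.

```sh
#!/bin/sh
# Added example: audit an rc.conf-style file for the settings named in the
# reply. ep0 (LAN side) and ep1 (router side) are the thread's interfaces;
# function names and the sample file are constructed for illustration.

# rc_value FILE VAR: print the last value assigned to VAR, without quotes,
# trailing comments or trailing blanks. The file is parsed, not sourced.
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_gateway FILE: print the settings still missing; return 0 if none.
audit_gateway() {
    f=$1; missing=""
    # gateway_enable turns on IP forwarding between the two NICs
    case "$(rc_value "$f" gateway_enable)" in
        [Yy][Ee][Ss]) ;;
        *) missing="$missing gateway_enable" ;;
    esac
    for nic in ep0 ep1; do
        [ -n "$(rc_value "$f" "ifconfig_$nic")" ] || missing="$missing ifconfig_$nic"
    done
    case "$(rc_value "$f" defaultrouter)" in
        ""|[Nn][Oo]) missing="$missing defaultrouter" ;;
    esac
    # natd is optional, but once enabled it needs its outside interface
    case "$(rc_value "$f" natd_enable)" in
        [Yy][Ee][Ss])
            [ -n "$(rc_value "$f" natd_interface)" ] || missing="$missing natd_interface" ;;
    esac
    echo "${missing# }"
    [ -z "$missing" ]
}

# Constructed sample: firewall on, forwarding and default route forgotten.
sample_broken() {
    cat <<'EOF'
ifconfig_ep0="inet 192.0.2.33 netmask 255.255.255.224"
ifconfig_ep1="inet 198.51.100.2 netmask 255.255.255.224"
firewall_enable="YES"
firewall_type="simple"
natd_enable="YES"
EOF
}

tmp=$(mktemp) && sample_broken > "$tmp"
echo "missing: $(audit_gateway "$tmp" || true)"
rm -f "$tmp"
```

A clean audit only shows the boot-time configuration is complete; the ipfw rule set still has to permit the forwarded traffic.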