Date: Thu, 28 Feb 2002 11:42:08 -0600
From: "Hamilton Hoover"
To: freebsd-net@freebsd.org

Hi all,

I'm setting up a site that I'd like to have four separate networks connected through a single gateway/firewall with five network interfaces.

Two Public (real IPs) interfaces on the same network with different IPs
    realIP1
    realIP2

Three Private (fake IPs) interfaces on three separate networks
    192.168.1
    192.168.2
    192.168.3

I want to break it down into two groups

site1
    realIP1 --> 192.168.1

This is the only one I currently have running and works fine. I basically allow ftp, http, https. I am using redirect_port for the protocols I want to allow in. I will change to redirect_address when I add site 2.

site2
    realIP2 --> 192.168.2
    realIP2 --> 192.168.3

On this site I want to allow traffic for web to the DMZ 192.168.2 and dns to 192.168.3. I also want to allow certain traffic from 192.168.3 --> 192.168.2.

I am unsure if I can have multiple nat devices and will a second nat'ed device conflict with the one from site1? There are no outbound restrictions and I'm using ipfw for firewalling. All of the 192.168 will need to send packets to the internet. So is it possible to list more than one nat interface? Is there a better way to do what I want here and keep three private nets?

I am currently running FreeBSD 4.4-RELEASE

tia!
Hamilton