Date: Thu, 30 Jul 1998 13:09:58 +0200 (SAT) From: Graham Wheeler <gram@cdsec.com> To: Rune.Mossige@waii.com (Rune Mossige) Cc: hackers@FreeBSD.ORG Subject: Re: ipfw and 3 network cards Message-ID: <199807301109.NAA00538@cdsec.com> In-Reply-To: <Pine.A41.3.96.980730112119.29334C-100000@svs03.norway.waii.com> from "Rune Mossige" at Jul 30, 98 11:26:52 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > > Hello, > For the best part of the last week, I have been trying to get an older > 386, 8MB memory, and 3 x 3COM 3C509's to run as a mini firewall between > three subnets, two internal and one external via an ascend pipeline 50 > router. > > I am not able to get all three interfaces to work as expected. It appears > that ipfw only works good with two interfaces, and I have not been able > to locate any info on how to get three interfaces to work properly. This is not true; there is no inherent relationship between the number of interfaces and the filtering code. Each NIC driver calls ip_input when it has an IP datagram for processing. ip_input checks the IP version and checksum, and then applies the filters. These are done in a uniform fashion regardless of the NIC on which the datagram arrived. > Any pointers to where I can get hins/tips on how to set this up would be > appreciated. Use the accounting facilities and a controlled test environment. Do a `ipfw -a l' and send the output to a file, run a test, do the `ipfw -a l' again sending the output to a different file, diff the files, and you will be able to see which rules were applied to the packets in your test. You should be able to work things out fairly easily this way. g. -- Dr Graham Wheeler E-mail: gram@cdsec.com Citadel Data Security Phone: +27(21)23-6065/6/7 Internet/Intranet Network Specialists Mobile: +27(83)253-9864 Firewalls/Virtual Private Networks Fax: +27(21)24-3656 Data Security Products WWW: http://www.cdsec.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807301109.NAA00538>