Date:      Tue, 10 Apr 2001 10:55:29 -0400
From:      "Elliott Perrin" <eperrin@bigorbit.com>
To:        "Roger Svenning" <ros@switch.no>, "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject:   Re: routed, natd & ipfirewall [config help needed]
Message-ID:  <013601c0c1ce$49593260$8701a8c0@bottleneck2000>
References:  <E13BBFD5DA06D411ADC600508BC25BF714426A@switch01.switch.no>

You have to make sure that your ISP is routing your subnet to your host (possible problem,
first place to look).

If the ISP is not routing the 217.8.130.32/27 subnet that you are assigned to your
217.8.129.69 interface sitting on their network then the problem is there. (I actually had
this problem with our last ISP, they kept removing the routes from a router and had a
Junior Admin that didn't understand why they had to be there)

If they are doing that already then you probably have a problem with the rules in IPFW and
NATD.

Make sure that you run NATD with the -u option, which will translate addresses only for
unregistered (RFC1918) addresses, and that NATD is running on the external interface (in
your layout the 217.8.129.69 interface).

Check through your IPFW rules to make sure you are allowing your DMZ out to the world,

eg.

allow all from {DMZ} to any

(don't use that rule!!!!!, it is just an example)

Aside from that I have a modified rc.firewall that I used when I was still running IPFW on
a three-interfaced machine with LAN, DMZ and link to our ISP. Let me know if you want it.



----- Original Message -----
From: "Roger Svenning" <ros@switch.no>
To: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Sent: Tuesday, April 10, 2001 10:15 AM
Subject: routed, natd & ipfirewall [config help needed]


> Hi
>
> I've been running a box with natd & ipfw for connecting our local network to
> the internet and it works just fine.
>
> Now I want to set up a DMZ zone for servers that should be connected
> directly to the net without NAT.
> I've added a third network card and enabled routed, but .. taadaa .. it
> doesn't work quite as expected :-)
>
> The DMZ zone can be reached from the gateway itself and the internal
> network, but not from the internet.
> The routing from xl2 to xl0 through natd works just fine.
>
> Can anyone give me some advice on how to set this configuration up?
>
> Here's the network layout:
>
> 217.8.129.70 (ISP gateway)
> |
> -> 217.8.129.69 (xl2 interface)(255.255.255.252)
> |
> -> 217.8.130.62 (xl1 interface)(255.255.255.224) -> DMZ zone
> |
> -> 10.0.1.1 (xl0 interface)(255.255.255.0) -> Local network
>
> Roger O. Svenning
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
>


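As an added example that is not part of this thread and not Elliott's rc.firewall or FreeBSD's own, the script below builds the kind of ipfw rule set the reply describes: natd -u diverting only on the external interface, the LAN translated, the DMZ passed through with its registered addresses, and the DMZ allowed out without the blanket "allow all from {DMZ} to any". Interface names and addresses are taken from Roger's layout; the rule order, the natd divert port (8668, natd's default), the variable names and the choice of 80/443 as the only published DMZ services are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the thread's or FreeBSD's own rc.firewall): build an ipfw
# rule set for the three-interface gateway in the thread. Interface names and
# addresses come from Roger's layout; rule order, the natd port and the
# published DMZ services (80/443) are assumptions for the example.
set -e

EXT_IF=xl2;  EXT_IP=217.8.129.69                            # link to the ISP
DMZ_IF=xl1;  DMZ_GW=217.8.130.62; DMZ_NET=217.8.130.32/27   # registered addresses, no NAT
LAN_IF=xl0;  LAN_GW=10.0.1.1;     LAN_NET=10.0.1.0/24       # RFC1918, translated by natd -u
NATD_PORT=8668   # natd's default divert port; natd itself runs as: natd -u -n $EXT_IF

# emit_rules prints the rule set in order, one "ipfw add" argument list per
# line; lines starting with '#' are comments and are skipped by apply_rules.
emit_rules() {
    cat <<EOF
# loopback
allow ip from any to any via lo0
deny ip from any to 127.0.0.0/8
# anti-spoofing: nothing arriving from the ISP may claim an inside address
deny log ip from $LAN_NET to any in via $EXT_IF
deny log ip from $DMZ_NET to any in via $EXT_IF
# NAT only on the external interface; with -u natd rewrites packets whose
# source is an unregistered (RFC1918) address, so DMZ traffic passes untouched
divert $NATD_PORT ip from any to any via $EXT_IF
# a private source address must never reach the ISP untranslated
deny log ip from $LAN_NET to any out via $EXT_IF
# the gateway itself and NAT-translated LAN traffic leave for the ISP,
# and the gateway's own answers come back to its external address
allow ip from $EXT_IP to any out via $EXT_IF
allow tcp from any to $EXT_IP established
allow udp from any 53 to $EXT_IP
# gateway to its own LAN and DMZ segments
allow ip from $LAN_GW to $LAN_NET out via $LAN_IF
allow ip from $DMZ_GW to $DMZ_NET out via $DMZ_IF
# LAN may go anywhere (to the Internet via NAT); answers come back as
# established TCP, DNS replies or ICMP (no interface qualifier: the reply is
# checked once on the way in from the ISP and again on the way out to the LAN)
allow ip from $LAN_NET to any in via $LAN_IF
allow ip from $LAN_NET to $DMZ_NET out via $DMZ_IF
allow tcp from any to $LAN_NET established
allow udp from any 53 to $LAN_NET
allow icmp from any to $LAN_NET
# DMZ hosts may answer the LAN but never open connections into it
deny log tcp from $DMZ_NET to $LAN_NET setup
allow ip from $DMZ_NET to any in via $DMZ_IF
allow ip from $DMZ_NET to any out via $EXT_IF
# only the published services are reachable in the DMZ from outside
allow tcp from any to $DMZ_NET 80,443 setup
allow tcp from any to $DMZ_NET established
allow udp from any 53 to $DMZ_NET
allow icmp from any to $DMZ_NET icmptypes 0,3,8,11
# everything else is dropped and logged
deny log ip from any to any
EOF
}

# apply_rules loads the rule set into a running FreeBSD kernel.
apply_rules() {
    ipfw -f flush
    emit_rules | grep -v '^#' | while read -r rule; do
        ipfw add $rule   # word splitting is intended here
    done
}

# divert_count returns how many divert rules the set contains; exactly one,
# on the external interface, is what the advice in the reply calls for.
divert_count() {
    emit_rules | grep -c '^divert'
}

case "${1:-}" in
    apply) apply_rules ;;      # sh thisscript.sh apply   (as root, on the gateway)
    *)     emit_rules ;;       # default: print the rules for review
esac
```

Run it without arguments to review the rules, or with `apply` on the gateway. The matching /etc/rc.conf entries are gateway_enable="YES" (IP forwarding, which is all that is needed between directly attached subnets; routed is a RIP daemon and is not required for that), natd_enable="YES", natd_interface="xl2" and natd_flags="-u". The "from any 53" and "established" rules are the 2001-era ipfw idiom the thread uses; on a current FreeBSD, keep-state/check-state rules are the tighter way to admit replies.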