Date: Sun, 1 Aug 2004 14:41:09 +0530
From: "Subhro" <subhro@mailblocks.com>
To: <freebsd-questions@freebsd.org>
Subject: Gateway Setup
Message-ID: <subhro-0OUzoAUezrfAxoY%2B7f/z1B0Uh0NdSj2@mailblocks.com>
References: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAAez9swEod0qC1G/hDF8vPMKAAAAQAAAAqCHKPowa2ESKCZBxfjfe3gEAAAAA@mailblocks.com>
-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Subhro
Sent: Sunday, August 01, 2004 14:28
To: freebsd-questions@freebsd.org
Subject: Gateway Setup
Greetings,
I am facing a problem in setting up my gateway so I am asking for help.
Let me describe my setup.
My ISP gateway is *.*.144.49. I am assigned a few static IPs.
*.*.144.54
*.*.147.229
*.*.147.230
I would like to set up a FreeBSD packet filtering gateway. I have currently
laid out my network as:
-------------                       ---------------                       -------------
|           |                       |             |                       |           |
|    ISP    |*.*.144.49             | FreeBSD Box |*.*.147.229            |   Linux   |
|  GATEWAY  |-----------------------|             |-----------------------|    NAT    |
|           |             *.*.144.54|             |            *.*.147.230|           |
-------------                       ---------------                       -------------
                                                                                | 172.16.0.1
                                                                                |
                                                                                |
                                                                                |
                                                                                |172.16.0.200
                                                                          -------------
                                                                          |           |
                                                                          |    LAN    |
                                                                          |   Host    |
                                                                          |           |
                                                                          |           |
                                                                          -------------
My rc.conf looks like:
ifconfig_fxp0="inet 61.95.147.118 netmask 255.255.255.252"
ifconfig_sis0="inet 61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES" # replaces obsolete kernel option ARP_PROXYALL.
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
ip_portrange_first="10000" # Set first dynamically allocated port
ip_portrange_last="20000" # Set last dynamically allocated port
tcp_drop_synfin="YES" # Set to YES to drop TCP packets with SYN+FIN
icmp_drop_redirect="YES" # Set to YES to ignore ICMP REDIRECT packets
I have still not configured the firewall. I would be highly obliged if
anyone helps me by telling what are the things I am missing out? Another
point to be taken care of is, a couple of systems inside the LAN have
a public IP. For example one of the hosts has an IP of *.*.144.82. I am
not allowed to mess with the Linux NAT box in any way because of some
preinstalled commercial software solutions. However I can change the IPs of
the NAT box if necessary. Please help me out.
Thanks and Best Regards
Subhro
Sorry the figure messed up. Actually what I meant is,
The ISP gateway is *.*.144.49
The FreeBSD router is supposed to have two interfaces with IPs *.*.144.54,
which is in the next hop of ISP gateway. The other interface is *.*.147.229.
This interface is supposed to have the packets filtered from *.54. The
interface is connected to a Linux NAT box having one interface, *.*.147.230
and another interface connected to the LAN 172.16.0.1. I am not allowed to
play with the NAT box. Another point to be taken care of is, the LAN
contains a couple of hosts which are assigned a public IP statically. Could
anyone help me set up the above network please?
