From: Peter K <bobbilly5@yahoo.com>
To: freebsd-questions@freebsd.org
Date: Wed, 26 Mar 2003 10:42:43 -0800 (PST)
Subject: Bridge + Natd + IPFW + Dummynet puzzles...

Hello,

I have a T1 with 16 IPs, which I need to share around this office. Some of those real/routable IPs I want to assign internally in the office, while at the same time having them behind my FreeBSD firewall/dummynet PC.

                t1Router 209.150.x.145
                        |
                        |
        209.150.x.146 255.255.255.240
        FreeBSD bridge/ipfw/dummynet/natd [two nics]
        192.168.0.1 255.255.255.0
                        |
                        |
        Server 209.150.214.147, Server 209.150.x.148
        Workstation 192.168.0.x, Workstation 192.168.0.x

So far my bridge and natd work fine, except those internal machines with 209.150 address space can't see each other [they won't ping any other 209.150.x.x], but I can ping them from the outside and they can ping outside. The T1 router is directly connected into the FreeBSD machine.
The handbook says I need to have DEFAULT_TO_ACCEPT in my kernel for ipfw. Right now I just have firewall_type="open" and net.link.ether.bridge_ipfw: 0; that works, but when I set that thing to 1 traffic dies randomly... so is that kernel option necessary?

I think this setup is whacked and I'm just getting lucky that someone can actually see those machines from the outside. I just need advice on how this should be done. Is this a good way to do it? Or is it possible to do it this way?

Basically I want to have some machines with public IPs inside my network behind a firewall/dummynet [subnetting is too much headache for a network of 16 IPs], and other machines with private address space inside behind my firewall/dummynet through natd.

Peter
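An ipfw ruleset for the topology described in the mail, added here as a worked example; it is not part of the original message and not FreeBSD's own rc.firewall. It assumes (hypothetically) that fxp0 faces the T1 router and fxp1 the office segment, that the public block is 209.150.214.144/28 (the "x" in the mail taken as 214), that natd uses fxp0's address and its default divert port 8668, and that with net.link.ether.bridge_ipfw=1 a bridged frame is evaluated by ipfw once, as an inbound packet on the interface it arrived on. Two choices are the point of the example: the divert rule is scoped to the routed private subnet and to the firewall's own address, instead of rc.firewall's "ip from any to any via <interface>", so bridged frames for the public servers are never handed to natd; and the ruleset ends in an explicit deny, so once it is loaded the kernel's IPFIREWALL_DEFAULT_TO_ACCEPT setting no longer decides what passes (it still decides what happens between the flush and the first rule, and whenever the rules fail to load). With fwcmd unset the script only prints the ipfw commands it would run.

```shell
#!/bin/sh
# Added example ruleset for a FreeBSD 4.x bridge + natd + dummynet box
# (not from the original post). Interface names, the public /28 and the
# service ports are assumptions; adjust them for the real site.
#
# Assumed companion settings, using the sysctl names from bridge(4)/ipfw(8):
#   /etc/sysctl.conf:  net.link.ether.bridge=1
#                      net.link.ether.bridge_cfg=fxp0,fxp1
#                      net.link.ether.bridge_ipfw=1
#                      net.inet.ip.fw.one_pass=0   # leave a pipe at the next rule
#   /etc/rc.conf:      natd_enable="YES"  natd_interface="fxp0"
#                      firewall_enable="YES"  firewall_type="/etc/ipfw.rules"

ext_if="fxp0"                   # toward the T1 router
int_if="fxp1"                   # office segment: public servers + workstations
fw_ip="209.150.214.146"         # firewall's own public address, also natd's alias
pub_net="209.150.214.144/28"    # public block; .147/.148 are bridged, not routed
priv_net="192.168.0.0/24"       # routed, NATed workstations
natd_port="8668"                # natd's default divert port
pub_tcp_in="22,80,443"          # services reachable on the public servers (assumed)
fwcmd="${fwcmd:-echo ipfw}"     # set fwcmd=ipfw to really load the rules

# Emit one ipfw argument list per line. Order matters: first match wins.
build_ruleset() {
    cat <<EOF
-f flush
add 100 allow ip from any to any via lo0
add 110 deny ip from any to 127.0.0.0/8
add 120 deny ip from 127.0.0.0/8 to any
# Shape inbound traffic to the public block. With one_pass=0 a packet leaving
# the pipe continues at rule 300, so shaping does not bypass the filter.
pipe 1 config bw 512Kbit/s
add 200 pipe 1 ip from any to $pub_net in via $ext_if
# Anti-spoofing on the outside interface.
add 300 deny ip from $priv_net to any in via $ext_if
add 310 deny ip from $pub_net to any in via $ext_if
# natd only for the routed private subnet going out and for replies to the
# firewall's own address coming in. Bridged frames for the servers never match.
add 400 divert $natd_port ip from $priv_net to any out via $ext_if
add 410 allow ip from $fw_ip to any out via $ext_if
add 420 divert $natd_port ip from any to $fw_ip in via $ext_if
add 430 allow ip from any to $priv_net in via $ext_if
# Public servers: a bridged frame is checked once, on the receiving interface.
add 500 allow ip from $pub_net to any in via $int_if
add 510 allow tcp from any to $pub_net $pub_tcp_in in via $ext_if setup
add 520 allow tcp from any to $pub_net in via $ext_if established
add 530 allow icmp from any to $pub_net in via $ext_if icmptypes 0,3,8,11
# Private workstations: routed through 192.168.0.1, de-NATed by rule 420.
add 600 allow ip from $priv_net to any in via $int_if
add 610 allow ip from any to $priv_net out via $int_if
# Management of the firewall itself.
add 700 allow tcp from any to $fw_ip 22 in via $ext_if setup
# Explicit default so that IPFIREWALL_DEFAULT_TO_ACCEPT does not decide it.
add 65000 deny log ip from any to any
EOF
}

# Feed every non-comment line to ipfw (or to echo when fwcmd is unset).
# $rule is left unquoted on purpose so it splits into ipfw's arguments.
apply_ruleset() {
    build_ruleset | grep -v '^#' | while read -r rule; do
        $fwcmd $rule
    done
}

apply_ruleset
```

Rule numbering leaves room for site-specific additions, and every rule that lets something in names the interface it expects it on, which is what makes the anti-spoofing rules and the natd scoping meaningful on a box where the same public prefix exists on both sides of the bridge.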