Date: Thu, 21 May 1998 09:44:32 +0200 (CEST) From: Sake Blok <sake@euronet.nl> To: joer@triax.com (Joe Read) Cc: isp@FreeBSD.ORG Subject: Re: FreeBSD firewall Message-ID: <199805210744.JAA00412@support.euronet.nl> In-Reply-To: <199805201908.MAA07730@smtp.triax.com> from Joe Read at "May 20, 98 12:11:28 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> I'm trying to set up a simple little packet blocker box using two nics,
> once of which uses a crossover cable to the router, another which goes
> to our hub. I can't seem to route packets between the two, currently
> I can't tell you why since I plugged the router straight back into the
> hub to resume company productivity. :)
>
> Here's the setup I was trying:
>
> Subnet routed to us: 206.58.97.64/26
> Router eth1 IP address: 206.58.97.65
>
> ed0 (crossover cable to router eth1 port):
> ifconfig ed0 206.58.97.66 netmask 255.255.255.192
> route add -host 206.58.97.65 -interface ed0
> route add -net default 0.0.0.0 206.58.97.65
>
> ed1 (lan connection):
> ifconfig ed1 206.58.97.89 netmask 255.255.255.192
> route add -net 206.58.97.64 255.255.255.192 206.58.97.66
The netmask is used to determine whether a host is on the same
physical network. Since you are splitting up your network into
two physical networks, you also must split up your IP-range
into two (smaller) subnets. Or better, ask for a /30 IP-range
for your router and the ed0-interface.
Sake
P.S. Depending on the router you can also set up the packet-dropping
on the router and have it log it's data to your freebsd-host
--
Sake Blok * * EuroNet Internet
* * Herengracht 208 - 214
* 1016 BS Amsterdam
E-mail: sake@nl.euro.net * Tel: +31 20 535 55 55
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199805210744.JAA00412>