From: Sake Blok
Message-Id: <199805210744.JAA00412@support.euronet.nl>
Subject: Re: FreeBSD firewall
In-Reply-To: <199805201908.MAA07730@smtp.triax.com> from Joe Read at "May 20, 98 12:11:28 pm"
To: joer@triax.com (Joe Read)
Date: Thu, 21 May 1998 09:44:32 +0200 (CEST)
Cc: isp@FreeBSD.ORG

> I'm trying to set up a simple little packet blocker box using two nics,
> one of which uses a crossover cable to the router, another which goes
> to our hub. I can't seem to route packets between the two, currently
> I can't tell you why since I plugged the router straight back into the
> hub to resume company productivity. :)
>
> Here's the setup I was trying:
>
> Subnet routed to us: 206.58.97.64/26
> Router eth1 IP address: 206.58.97.65
>
> ed0 (crossover cable to router eth1 port):
> ifconfig ed0 206.58.97.66 netmask 255.255.255.192
> route add -host 206.58.97.65 -interface ed0
> route add -net default 0.0.0.0 206.58.97.65
>
> ed1 (lan connection):
> ifconfig ed1 206.58.97.89 netmask 255.255.255.192
> route add -net 206.58.97.64 255.255.255.192 206.58.97.66

The netmask is used to determine whether a host is on the same physical
network. Since you are splitting up your network into two physical
networks, you also must split up your IP-range into two (smaller)
subnets. Or better, ask for a /30 IP-range for your router and the
ed0-interface.

Sake

P.S. Depending on the router you can also set up the packet-dropping on
the router and have it log its data to your freebsd-host

-- 
Sake Blok * * EuroNet Internet * * Herengracht 208 - 214 * 1016 BS Amsterdam
E-mail: sake@nl.euro.net * Tel: +31 20 535 55 55
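
Added example, not part of the original message: a Python check that uses the addresses from the quoted setup to show that both interfaces claim the same /26 as directly connected, and then computes one possible split. Carving the router link out of the existing /26 as a /30 is an assumption of this example (the reply suggests splitting the range or asking for a separate /30), and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Values taken from the quoted setup; the dict layout is constructed for this example.
BLOCK = ipaddress.ip_network("206.58.97.64/26")
AS_POSTED = {"ed0": ("206.58.97.66", "255.255.255.192"),
             "ed1": ("206.58.97.89", "255.255.255.192")}

def connected_networks(ifaces):
    """Map interface name -> network the host treats as directly reachable."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}").network
            for name, (addr, mask) in ifaces.items()}

def overlapping_interfaces(ifaces):
    """Pairs of interfaces whose connected networks overlap (ambiguous on-link route)."""
    nets = connected_networks(ifaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def smallest_link_subnet(block, hosts):
    """Longest prefix inside block that holds every host as a usable address."""
    hosts = [ipaddress.ip_address(h) for h in hosts]
    for prefix in range(30, block.prefixlen, -1):
        net = ipaddress.ip_network(f"{hosts[0]}/{prefix}", strict=False)
        reserved = (net.network_address, net.broadcast_address)
        if all(h in net and h not in reserved for h in hosts):
            return net
    raise ValueError("hosts do not fit in a proper subnet of the block")

def split(block, link_hosts, lan_host):
    """Return (router-link subnet, subnet holding lan_host, all leftover subnets)."""
    link = smallest_link_subnet(block, link_hosts)
    rest = sorted(block.address_exclude(link))
    lan = next(n for n in rest if ipaddress.ip_address(lan_host) in n)
    return link, lan, rest

if __name__ == "__main__":
    print("overlap as posted:", overlapping_interfaces(AS_POSTED))
    link, lan, rest = split(BLOCK, ["206.58.97.65", "206.58.97.66"], "206.58.97.89")
    print("router link:", link, "netmask", link.netmask)
    print("LAN side keeping .89:", lan, "netmask", lan.netmask)
    print("leftover subnets:", [str(n) for n in rest])
```

With the posted masks both interfaces resolve to 206.58.97.64/26, so the host has no way to tell which wire a given address in the range is on; after the split each interface owns a distinct prefix.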