From owner-freebsd-questions  Wed May 12 11: 6:21 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from cygnus.rush.net (cygnus.rush.net [209.45.245.133])
	by hub.freebsd.org (Postfix) with ESMTP id BA33A15075
	for <freebsd-questions@FreeBSD.ORG>; Wed, 12 May 1999 11:06:13 -0700 (PDT)
	(envelope-from bright@rush.net)
Received: from localhost (bright@localhost)
	by cygnus.rush.net (8.9.3/8.9.3) with SMTP id NAA15216;
	Wed, 12 May 1999 13:29:10 -0500 (EST)
Date: Wed, 12 May 1999 13:29:08 -0500 (EST)
From: Alfred Perlstein <bright@rush.net>
To: daniel B <danielb@pacex.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: RE: Multiple NICs in one subnet
In-Reply-To: <Pine.BSF.3.96.990512100400.25536A-100000@almazs.pacex.net>
Message-ID: <Pine.BSF.3.96.990512132751.26546K-100000@cygnus.rush.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 12 May 1999, daniel B wrote:

> 
> 
> On Wed, 12 May 1999, Alfred Perlstein wrote:
> 
> > On Tue, 11 May 1999, daniel B wrote:
> > 
> > > 	
> > > Realy need help on this one;
> > > 
> > > My network topology:
> > > 
> > > [ DSL router ]---[ fbsd firewall ]-----[  DNS/SMTP/HTTP machine ]
> > >                 ep1             ep0
> > > 
> ...
> 
> > 
> > here's what i did:
> > 
> > compile a kernel with bridging support (options BRIDGE),
> > take off the IP from "ep1", put an ip on "ep0",
> 
> Ok; but how do I implement firewall rules to to enable/disable packet
> transmission through ep1 if it does not have IP of it;s own?


ipfw add 100 deny ip from any to any 25 via ep1 

:)

> > enable bridge: sysctl -w net.link.ether.bridge=1
> > make sure the ep1 <-> DSL router is on a single cable,
> 
> OK; I can use crossover UTP cable
> 
> > hook up "ep0" to a hub/switch with the rest of your network on it.
> > 
> > note: ep1 shouldn't have an IP address
> 
> One last question: Is the default router for the inside lan and the
> firewall the same? right now the default router is the DSL router itself
> Don't need to run routed on the firewall machine, do I?

all your machines should still be using the DSL router as the gateway.

-Alfred



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message