From owner-freebsd-net  Tue Jul 23 12:24:10 2002
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0A9CA37B400
	for <freebsd-net@FreeBSD.ORG>; Tue, 23 Jul 2002 12:24:08 -0700 (PDT)
Received: from hidrogenio.widesoft.com.br (hidrogenio.widesoft.com.br [200.246.206.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A562143E5E
	for <freebsd-net@FreeBSD.ORG>; Tue, 23 Jul 2002 12:24:06 -0700 (PDT)
	(envelope-from tpeixoto@widesoft.com.br)
Received: from widesoft.com.br (cpe1065.papalegua.com.br [200.178.227.65] (may be forged))
	by hidrogenio.widesoft.com.br (8.12.1/8.12.1) with ESMTP id g6NJNxJe015539
	for <freebsd-net@FreeBSD.ORG>; Tue, 23 Jul 2002 16:23:59 -0300 (BRT)
Message-ID: <3D3DAD4B.A6C6AEC@widesoft.com.br>
Date: Tue, 23 Jul 2002 16:23:55 -0300
From: "Tobias P. Santos" <tpeixoto@widesoft.com.br>
X-Mailer: Mozilla 4.79 [en] (Windows NT 5.0; U)
X-Accept-Language: pt-BR,en
MIME-Version: 1.0
To: freebsd-net@FreeBSD.ORG
Subject: Firewall and DMZ
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

Hello,
        I would like to implement a firewall to my DMZ network, but
I am not sure about how to do it.

              +----------+
              | Internet | 123.456.789.254
              +----------+
                   |
          +------------------+
          | FreeBSD Firewall | 123.456.789.4
          +------------------+
                   |
     +-------------+-----------+
     |             |           |
     |             |           |
     |             |           |
+----------+  +---------+  +--------+
|   DNS    |  |   Web   |  | E-mail |
|  Server  |  |  Server |  | Server |
+----------+  +---------+  +--------+
123.456.789.1 123.456.789.2 123.456.789.3


        I know it is pretty easy to build ipfw rules when we have natd
(for my internal network for example), but I haven't figured out how to
forward packets between interfaces on the same network with valid IP
addresses.
        In fact, I'd like to have the same behavior of Drawbrigde
(drawbridge.tamu.edu), but it seems somewhat deprecated.
        So, where should I start from? Is there a software to do that?

        If this is not the correct mailing list, please tell me the
right one and sorry for the incovenience.
        Thank you in advance,

--
Tobias P. Santos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message