From: Alfred Perlstein
To: John Cuzzola
Cc: freebsd-questions@FreeBSD.ORG
Date: Fri, 7 May 1999 14:08:37 -0500 (EST)
Subject: Re: Packet Forwarding
In-Reply-To: <3733337C.DC5AAC6B@ocis.net>

On Fri, 7 May 1999, John Cuzzola wrote:

> Hi There,
>
> I have a FreeBSD 3.1 box acting as a Firewall/Router. The box has two
> network cards (ed1 and ed2) and packet forwarding is working fine. Here
> is my problem:
>
> INTERNET----ROUTER -------ED1,ED2----------MACHINE BEHIND FIREWALL(MBF)
>
> The "machine behind the firewall" (MBF) has a resolvable ip address say
> (204.14.1.7) and is on interface ED2. The router is on ED1. I need it to
> be resolvable because I want it to be accessible via the internet.
> Packets go out from MBF but they don't come back. The problem is that
> the router (which I DON'T have access to), when it receives a packet
> destined for 204.14.1.0/24 it does an ARP and gets no response. If I
> had access to the router all I would need to do is add the appropriate
> route and it would work fine, but unfortunately this is not an option.
> What I need is the FreeBSD box to respond to the ARP request (proxy arp)
> and forward the received packets to MBF. I've tried natd, ipfw fwd,
> proxy arp, and various combinations of the three. Can someone help me?

I've found that enabling BRIDGE in my kernel worked nicely
(the ED1,ED2 machine)

man bridge

(you can even ipfw filter bridged packets! :) )

however with -current I'm getting panics with divert sockets and
bridge enabled at the same time, choose bridge, or nat it seems for now.

-Alfred