Date: Tue, 23 Jul 2002 12:43:07 -0700 (PDT)
From: Julian Elischer
To: "Tobias P. Santos"
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Firewall and DMZ

On Tue, 23 Jul 2002, Tobias P. Santos wrote:

> Hello,
> I would like to implement a firewall to my DMZ network, but
> I am not sure about how to do it.
>
>               +----------+
>               | Internet |  123.456.789.254
>               +----------+
>                     |
>           +------------------+
>           | FreeBSD Firewall |  123.456.789.4
>           +------------------+
>                     |
>       +-------------+-----------+
>       |             |           |
>       |             |           |
>       |             |           |
> +----------+   +---------+ +--------+
> |   DNS    |   |   Web   | | E-mail |
> |  Server  |   | Server  | | Server |
> +----------+   +---------+ +--------+
> 123.456.789.1 123.456.789.2 123.456.789.3
>

nice picture

>
> I know it is pretty easy to build ipfw rules when we have natd
> (for my internal network for example), but I haven't figured out how to
> forward packets between interfaces on the same network with valid IP
> addresses.

Unfortunately the nice picture doesn't help me understand what your
question is.. :-)
some examples please....

> In fact, I'd like to have the same behavior of Drawbridge
> (drawbridge.tamu.edu), but it seems somewhat deprecated.
> So, where should I start from? Is there a software to do that?
>
> If this is not the correct mailing list, please tell me the
> right one and sorry for the inconvenience.
> Thank you in advance,
>
> --
> Tobias P. Santos
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
>