From owner-freebsd-questions Thu Apr 30 18:54:26 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id SAA02557 for freebsd-questions-outgoing; Thu, 30 Apr 1998 18:54:26 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from lymu.cylatech.com (lymu.cylatech.com [206.31.213.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA02497 for ; Thu, 30 Apr 1998 18:54:10 -0700 (PDT) (envelope-from macgyver@lymu.cylatech.com)
Received: (from macgyver@localhost) by lymu.cylatech.com (8.8.8/8.8.8) id VAA20507 for questions@freebsd.org; Thu, 30 Apr 1998 21:55:41 -0400 (EDT) (envelope-from macgyver)
From: Wilson MacGyver
Message-Id: <199805010155.VAA20507@lymu.cylatech.com>
Subject: a question on firewall/proxy
To: questions@FreeBSD.ORG
Date: Thu, 30 Apr 1998 21:55:41 -0400 (EDT)
X-Mailer: ELM [version 2.4ME+ PL38 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi, I have a question regarding the firewall.

Let's say I have a FreeBSD box set up as the firewall. I alias the IP address, so the NIC has a real IP address, and 192.168.1.1. I then set up the rest of the LAN using 192.168.1.x addresses, with 192.168.1.1 set as the gateway for all the win95 machines on the LAN.

I recompile the kernel with IPFIREWALL and IPDIVERT. Set rc.conf's firewall setting to YES, policy to 'open' for testing. Edit /etc/service to insert the NATD entry, and then start natd with "natd -log -interface ed1". I did have the rc.conf GATEWAY setting set to YES.

But the Network Address Translation doesn't seem to be happening. The alias.log in /var/log is empty. Did I miss something simple, or am I totally clueless here?

Is the routing/NAT not working because I'm choosing to use a non-routable address, i.e. 192.168.x.x? If that's the case, then is the only way to set up a firewall that I can't use any of the reserved addresses?

I suppose I can go the proxy route instead, but for a general proxy that works with telnet, ftp, www, ICQ, real audio, i.e. all the typical goodies a win95 user would want to run, what should I use? Socks5?

Thanks a bunch,
Mac