Date: Wed, 12 Jun 2002 17:48:47 -0300
From: "Pablo Bendersky" <pbendersky@mark-2k.com>
To: <freebsd-questions@freebsd.org>
Subject: 3 NICs question
Message-ID: <000f01c21252$8e2df530$3700a8c0@mark>

Hello,

I currently have a FreeBSD 4.5 box with 3 NICs with the current setup:

xl0 : Internal 192.168.0 lan
xl1 : External, connected to an ADSL modem to share an internet account
xl2 : New NIC, connected to a cablemodem.

Currently I'm connecting using PPPoE, and then I nat tun0 to share the internet account. I have a firewall set up (see the configuration after it).

So, xl1 connects to the ADSL modem, and we can share tun0 in our lan (via xl0).

Now, we added the third NIC, xl2, and connected it with a cablemodem (it's getting its IP address via DHCP).

What I want now is to NAT in the following way:

- All the outgoing connections (for our lan to browse the net) go through xl1 (ADSL)
- All the incoming connections to the xl2 IP address be natted to an internal web server.

How can I do it? I tried adding a second nat service (with another port) and running a second instance of natd, but it didn't work.

Can anybody help me?

Thanks a lot

Our firewall rules currently are:

00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00500 deny log ip from any to 10.0.0.0/8 via tun0
00600 deny log ip from any to 172.16.0.0/12 via tun0
00700 deny ip from any to 192.168.0.0/16 via tun0
00800 deny ip from any to 0.0.0.0/8 via tun0
00900 deny ip from any to 169.254.0.0/16 via tun0
01000 deny ip from any to 192.0.2.0/24 via tun0
01100 deny ip from any to 224.0.0.0/4 via tun0
01200 deny ip from any to 240.0.0.0/4 via tun0
01300 divert 8668 ip from any to any
01400 deny log ip from 10.0.0.0/8 to any via tun0
01500 deny log ip from 172.16.0.0/12 to any via tun0
01600 deny ip from 192.168.0.0/16 to any via tun0
01700 deny ip from 0.0.0.0/8 to any via tun0
01800 deny ip from 169.254.0.0/16 to any via tun0
01900 deny ip from 192.0.2.0/24 to any via tun0
02000 deny ip from 224.0.0.0/4 to any via tun0
02100 deny ip from 240.0.0.0/4 to any via tun0
02200 allow ip from any to any frag
02300 allow ip from any to any
65535 deny ip from any to any

Pablo Bendersky
pbendersky@mark-2k.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
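
An added example, not part of the original message: a small Python audit of the ruleset quoted above (abbreviated here, constructed from the message's own rules) that reports divert rules with no interface binding and checks whether the private-source filters bound to tun0 also cover the new xl2 interface. The function names are hypothetical, and the check models ipfw's first-match evaluation only as far as the first catch-all allow.

```python
import re

# Constructed sample: a subset of the rules in the message, same numbering.
RULESET = """\
00100 allow ip from any to any via lo0
00500 deny log ip from any to 10.0.0.0/8 via tun0
00600 deny log ip from any to 172.16.0.0/12 via tun0
00700 deny ip from any to 192.168.0.0/16 via tun0
01300 divert 8668 ip from any to any
01400 deny log ip from 10.0.0.0/8 to any via tun0
01500 deny log ip from 172.16.0.0/12 to any via tun0
01600 deny ip from 192.168.0.0/16 to any via tun0
02300 allow ip from any to any
65535 deny ip from any to any
"""
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
RULE = re.compile(
    r"^(?P<num>\d+) (?P<action>allow|deny|divert \d+)(?P<log> log)? ip "
    r"from (?P<src>\S+) to (?P<dst>\S+)(?: via (?P<via>\S+))?$")

def parse(text):
    """Return one dict per rule line that matches the simple grammar above."""
    return [m.groupdict() for m in map(RULE.match, text.splitlines()) if m]

def unscoped_diverts(rules):
    """Divert rules without 'via' send packets from every interface to one natd."""
    return [r["num"] for r in rules
            if r["action"].startswith("divert") and r["via"] is None]

def unfiltered_sources(rules, iface, nets):
    """Networks in nets whose source address is never denied on iface."""
    denied = set()
    for r in rules:  # first match wins, so stop at the first catch-all allow
        if r["via"] not in (None, iface):
            continue
        if r["action"] == "allow" and r["src"] == r["dst"] == "any":
            break
        if r["action"] == "deny":
            denied.add(r["src"])
    return [n for n in nets if n not in denied]

if __name__ == "__main__":
    rules = parse(RULESET)
    print("divert rules with no interface:", unscoped_diverts(rules))
    for iface in ("tun0", "xl2"):
        print(iface, "unfiltered private sources:",
              unfiltered_sources(rules, iface, PRIVATE))
```

On this ruleset the audit flags rule 01300 and shows that xl2, unlike tun0, has no source filtering ahead of the catch-all allow at 02300.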