From owner-freebsd-security  Tue Mar 13  9:31:17 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailgate.kechara.net (mailgate.kechara.net [62.49.139.2])
	by hub.freebsd.org (Postfix) with ESMTP id ECC9B37B718
	for <security@freebsd.org>; Tue, 13 Mar 2001 09:31:11 -0800 (PST)
	(envelope-from lee@kechara.net)
Received: from area57 (lan-fw.kechara.net [62.49.139.3])
	by mailgate.kechara.net (8.9.3/8.9.3) with SMTP id SAA10089
	for <security@freebsd.org>; Tue, 13 Mar 2001 18:41:11 GMT
Message-Id: <200103131841.SAA10089@mailgate.kechara.net>
Date: Tue, 13 Mar 2001 17:35:00 -0000
To: security@freebsd.org
From: Lee Smallbone <lee@kechara.net>
Subject: [OT?] - Central point router
Reply-To: lee@kechara.net
Organization: Kechara Internet
X-Mailer: Opera 5.02 build 856a
X-Priority: 3 (Normal)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii";
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

 I'm trying to set up a router (running freebsd) that will allow me to have
 all network traffic on one network segment run through this router. This
 is for purposes of applying global firewall rules, and also for traffic monitoring.
 My setup looks a little something like this:

                         62.xx.139.1
(internet) --- [telco supplied router]
		|
		|
		|
               	    [10/100 Switch] ----------- [firewall]-------(privately addressed LAN)
	/	|	\
         [server 3]	|	  \
     62.xx.139.6	|	    \
		|	      \
		|	  [server 1]
	          [server 2]        62.xx.139.4
	         62.xx.139.5


What I'd like to be able to do is have a similar setup, but for it to look like this:

                         62.xx.139.1
(internet) --- [telco supplied router]
		|
		|
		|	        62.xx.139.3
               	    [10/100 Switch] ----------- [firewall]-------(privately addressed LAN)
		|
		|
	       62.xx.139.7	
      ========[router/firewall]==========
	/	|	\
         [server 3]	|	  \
     62.xx.139.6	|	    \
		|	      \
		|	  [server 1]
	          [server 2]        62.xx.139.4
	         62.xx.139.5

 How can I achieve this? Any traffic destined for say, 62.xx.139.5 would have to 
 pass via 62.xx.139.7 first. 
 
 Any help appreciated.

--

Lee Smallbone
Kechara Internet

lee@kechara.net
www.kechara.net 

Tel: (01243) 869 969
Fax: (01243) 866 685



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message