From owner-freebsd-questions Thu Oct 1 10:19:50 1998
Date: Thu, 1 Oct 1998 12:26:39 -0500 (CDT)
From: Alejandro Galindo Chairez AGALINDO
To: "Jasper O'Malley"
cc: questions@FreeBSD.ORG
Subject: Re: Firewall with 2 NIC and a NET class C
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ok, I will work on it, and if I have any problem I will reply with another e-mail.

THANKS !!

Alejandro Galindo

On Thu, 1 Oct 1998, Jasper O'Malley wrote:

> On Thu, 1 Oct 1998, Alejandro Galindo Chairez AGALINDO wrote:
>
> > OK, in this case I can set up my outside network like a half class C (mask
> > 255.255.255.128) with the following IPs: 208.195.117.1 - 208.195.117.127, and
> > the inside net with the IPs 208.195.117.129 - 208.195.117.254.
>
> Actually, the first subnet is 208.195.117.0 - 208.195.117.127, with .0 and
> .127 not usable. The second is 208.195.117.128 - 208.195.117.255, with
> .128 and .255 not usable.
>
> > Actually, the external router's ethernet port now is 208.195.117.2 with a
> > mask /25. Will I need to change the mask here too? And if yes, why does the
> > router indicate to me an invalid mask /25? (The router is a CISCO 4000.)
>
> A /25 mask is the same thing as 255.255.255.128; it should currently be a
> /24 (255.255.255.0). What version of the Cisco IOS are you running? Have
> you specified "ip classless" and "ip subnet zero" in your config? If not,
> that's probably why it's barking at you. Traditionally, subnet zero and
> subnet one (the first and last subnets in a classed network) were
> unusable, because the first subnet contains the network address for the
> entire network, and the last subnet contains the broadcast address for the
> entire network. This leaves no usable addresses in a class C
> split in two. Classless routing and VLSM have solved the first problem,
> and no-one ever uses the all-subnets broadcast anyway :P so the second
> problem is moot. Cisco defaults to "traditional" settings, though, so you
> need to explicitly tell it you're not using classed networks ("ip
> classless"), and you'd like to use subnets zero and one ("ip subnet
> zero").
>
> > Other questions:
> >
> > I think it is possible to connect the firewall directly to the
> > router (without a hub) with a crossover cable. Does it work, or is it necessary to
> > use the hub?
>
> A well-constructed crossover cable will do the trick fine. You can,
> however, use a hub instead if you have any hosts you want to stick outside
> the firewall for any reason.
>
> > And how can I set up the routes in the firewall?
>
> 1) Turn on IP forwarding by setting gateway_enable="YES" in your rc.conf.
>
> 2) Modify the static_routes entry in /etc/rc.conf and add some route
> descriptions.
>
> The rc.conf manpage is a little sketchy on the details, but in general,
> you name the routes you're setting up in static_routes, and add a line for
> each route you've named as follows:
>
> static_routes="one two three"
> route_one="-net 192.168.1.0 192.168.0.1"
> route_two="-net 192.168.2.0 -netmask 255.255.255.128 192.168.0.5"
> route_three="-net 192.168.2.128 -netmask 255.255.255.128 192.168.0.25"
>
> Each route_* line is passed as an argument to a "route add" command at
> startup.
>
> Note that these are *examples* only. They have nothing to do with your
> situation. As a matter of fact, I don't think you'll need any static
> routes at all, unless you put more than one network behind the firewall.
> Just set the defaultrouter in the rc.conf to be the IP address of the
> Cisco's ethernet interface. The networks 208.195.117.0/25 and
> 208.195.117.128/25 will be directly connected. Then be sure to set the
> default gateway on the hosts behind the firewall to be the internal IP
> address of the firewall.
>
> You'll need a reboot to make the firewall start forwarding packets between
> interfaces, or you can do it by hand:
>
> sysctl -w net.inet.ip.forwarding=1
>
> The reboot will also set up your new static routes, or, again, you can do
> this by hand without a reboot, with the route add command.
>
> That's the easy stuff, though ;) The real fun is setting up natd and
> ipfirewall.
>
> Cheers,
> Mick
>
> The Reverend Jasper P. O'Malley dotdot:jooji@webnology.com
> Systems Administrator ringring:asktheadmiral
> Webnology, LLC woowoo:http://www.webnology.com/~jooji
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
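An added example, not part of the thread: a small POSIX sh script that works out the network, broadcast and usable range of each /25 half of 208.195.117.0/24 (the point Jasper makes about .0/.127 and .128/.255), and expands an rc.conf-style static_routes block into the route(8) commands /etc/rc issues at boot. The sample rc.conf lines are constructed from the reply's example; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the thread: subnet arithmetic and rc.conf
# static_routes expansion in pure POSIX sh (only tr and sed are used).

ip_to_int() {
    # dotted quad -> 32-bit integer
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

subnet_info() {
    # Usage: subnet_info 208.195.117.128/25
    # Prints: network broadcast first-usable last-usable
    addr=${1%/*}; bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    net=$(( $(ip_to_int "$addr") & mask ))
    bcast=$(( net | (4294967295 - mask) ))
    echo "$(int_to_ip $net) $(int_to_ip $bcast) $(int_to_ip $((net + 1))) $(int_to_ip $((bcast - 1)))"
}

rc_routes() {
    # Read rc.conf-style assignments on stdin; print one "route add"
    # command per name listed in static_routes, in that order.
    conf=$(cat)
    names=$(printf '%s\n' "$conf" | sed -n 's/^static_routes="\(.*\)"$/\1/p')
    for n in $names; do
        args=$(printf '%s\n' "$conf" | sed -n "s/^route_$n=\"\(.*\)\"\$/\1/p")
        if [ -n "$args" ]; then
            echo "route add $args"
        fi
    done
}

# Constructed sample input: the two halves discussed in the thread, and
# the example static_routes block from the reply.
for cidr in 208.195.117.0/25 208.195.117.128/25; do
    echo "$cidr -> $(subnet_info "$cidr")"
done
rc_routes <<'EOF'
static_routes="one two three"
route_one="-net 192.168.1.0 192.168.0.1"
route_two="-net 192.168.2.0 -netmask 255.255.255.128 192.168.0.5"
route_three="-net 192.168.2.128 -netmask 255.255.255.128 192.168.0.25"
EOF
```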