From: Kim Shrier
Organization: Shrier and Deihl
Date: Thu, 01 Oct 1998 12:44:26 -0500
To: Alejandro Galindo Chairez AGALINDO
CC: questions@FreeBSD.ORG
Subject: Re: Firewall with 2 NIC and a NET class C

Alejandro Galindo Chairez AGALINDO wrote:
>
> On Thu, 1 Oct 1998, Kim Shrier wrote:
>
> > You have a couple of ways to approach this. You could use network address
> > translation and have private addresses for all your machines. The "public"
> > machines would have static mappings to real IP addresses that are aliased
> > on the outside interface of the firewall. You would also use ipfw rules to
> > control the traffic.
>
> OK, I like the idea to have static mappings to real IP addrs. that are
> aliased on the out interface, how can I do that?
>

... snip ...

>
> Actually, the external router's ethernet port now is 208.195.117.2 with a
> mask /25, will I need to change the mask here too? And if yes, why does the
> router indicate to me invalid mask /25? (the router is a CISCO 4000).
>
> Other questions:
>
> I think if it's possible to connect the firewall directly with the
> Router (without a hub) with a cross cable, does it work? Or is it necessary to
> use the hub?
>
> And how can I set up the routes in the firewall?

To start off, I will need to know how many machines are going to be
publicly accessible and what protocols need to be able to get to them.

You can connect the firewall directly to the router if you use a cross
cable.

Since you will have 2 different network addresses on the two NIC cards,
all you will need to do is specify a default route and the rest will be
handled by the IP forwarding code.

Kim Shrier
kim@tinker.com
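
The setup discussed in this message (static NAT mappings aliased on the outside interface, ipfw rules to control traffic, and a single default route), sketched as an added example that is not part of the original message or anyone's actual configuration. Assumptions: the interface names, the private network, the mapped addresses and ports, and a FreeBSD release whose rc scripts support the `natd_*` and `firewall_type` file knobs; only 208.195.117.2 comes from the thread.

```shell
#!/bin/sh
# Added example: emits rc.conf lines and an ipfw rule file for a two-NIC
# NAT firewall. Values marked ASSUMED are placeholders, not from the thread.
OUT_IF="ed0"                 # ASSUMED outside interface
IN_IF="ed1"                  # ASSUMED inside interface
ROUTER="208.195.117.2"       # router's ethernet port, from the thread
INSIDE_NET="192.168.1.0/24"  # ASSUMED private network
# ASSUMED static mappings, one per line: private-IP public-IP tcp-port
MAPPINGS="192.168.1.10 208.195.117.10 80
192.168.1.11 208.195.117.11 25"

rc_conf() {
    echo 'gateway_enable="YES"'        # IP forwarding between the NICs
    echo "defaultrouter=\"$ROUTER\""   # the only route that has to be set
    echo 'firewall_enable="YES"'
    echo 'firewall_type="/etc/ipfw.rules"'
    echo 'natd_enable="YES"'
    echo "natd_interface=\"$OUT_IF\""
    echo "$MAPPINGS" | {
        flags="" n=0
        while read -r priv pub port; do
            # alias the public address outside, map it to the private host
            echo "ifconfig_${OUT_IF}_alias$n=\"inet $pub netmask 255.255.255.255\""
            flags="$flags -redirect_address $priv $pub"
            n=$((n + 1))
        done
        echo "natd_flags=\"${flags# }\""
    }
}

ipfw_rules() {
    # Stateless and TCP-only: UDP replies such as DNS need their own rule.
    echo "add 100 divert natd all from any to any via $OUT_IF"
    echo "add 200 allow tcp from any to any established"
    echo "add 300 allow all from $INSIDE_NET to any in via $IN_IF"
    echo "add 350 allow all from any to any out via $OUT_IF"
    echo "$MAPPINGS" | while read -r priv pub port; do
        # natd has already rewritten the destination to the private address
        echo "add 400 allow tcp from any to $priv $port setup"
    done
    echo "add 65000 deny log all from any to any"
}

rc_conf
echo "--- /etc/ipfw.rules ---"
ipfw_rules
```

`redirect_address` forwards every protocol and port for the public address, so the per-host `allow ... setup` rules are what limit each mapped machine to the one service it is meant to expose.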