Date: Thu, 16 Oct 2008 18:34:46 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Lin Zhao
Cc: freebsd-ipfw@freebsd.org
Subject: Re: pls help on 2 public ip
In-Reply-To: <424063004.07284@ustc.edu.cn>
Message-ID: <20081016174847.U4254@sola.nimnet.asn.au>

On Wed, 15 Oct 2008, Lin Zhao wrote:

 > hi all
 >
 > we have a simple network
 >
 >                                 |-------------|
 > internal network---------------| freeBSD     |----------public network
 >                 rl0/192.168.0.1|-------------|fxp0/a.b.c.1
 >                                                 a.b.c.2?
 >
 > currently 192.168.0.0/24 is natd to a.b.c.1, and I want to use another
 > public ip (a.b.c.2) for some special websites, such as www.abc.com.
 >
 > how can I configure the ipfw?
 > should I use an alias ip or another nic?

If a.b.c.2 is a separate box from a.b.c.1 you'll likely want a separate
segment, i.e. on another NIC.  If the same box, you can use an fxp0 alias.

Looks like you could probably use a slightly modified 'simple' ruleset in
rc.firewall as a starting point - though you'll want to enable ICMP (see
examples in the 'workstation' rules) and probably replace 'me' with the
specific a.b.c addresses in rules for the various services offered.

How is fxp0 connected to the public network?  Via another router?  Or e.g.
PPPoE over ADSL?  It may matter in terms of whether your uplink is via a
single address - that is, is a.b.c.2 reachable directly from the public
internet, or only via a.b.c.1?  How many public IPs have you (netmask)?

cheers, Ian
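An added example, not from the thread and not the rc.firewall text itself, of what Ian's suggestion looks like as an ipfw rule script for Lin's layout: a.b.c.2 as an fxp0 alias on the same box, the 'simple' style rules with specific addresses in place of 'me', and ICMP enabled. The second natd instance for a.b.c.2, the rc.conf alias line, the ssh service on a.b.c.1 and the 203.0.113.10 address standing in for the "special website" are all assumptions.

```sh
#!/bin/sh
# Assumed layout from the thread: rl0 = 192.168.0.1 (LAN), fxp0 = a.b.c.1 (public)
# with a.b.c.2 added as an alias on the same box, i.e. in rc.conf:
#   ifconfig_fxp0_alias0="inet a.b.c.2 netmask 255.255.255.255"
# Assumed intent: connections to the "special websites" leave with source
# a.b.c.2, everything else with a.b.c.1. Two natd instances do that:
#   natd -n fxp0 -p 8668      # default: aliases to fxp0's primary address
#   natd -a a.b.c.2 -p 8669   # second instance: aliases to a.b.c.2
oif="fxp0"; iif="rl0"
inet="192.168.0.0/24"
pub1="a.b.c.1"; pub2="a.b.c.2"            # placeholders, as in the thread
special="203.0.113.10"                    # placeholder for www.abc.com's address
fwcmd="${fwcmd:-/sbin/ipfw}"
# no ipfw binary here (e.g. reviewing the script elsewhere): print the rules instead of loading them
command -v "${fwcmd}" >/dev/null 2>&1 || fwcmd="echo ipfw"

load_rules() {
    ${fwcmd} -f flush
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 110 deny ip from any to 127.0.0.0/8
    # anti-spoofing: LAN addresses must never arrive on the public side
    ${fwcmd} add 200 deny ip from ${inet} to any in via ${oif}
    # special site: both directions through the a.b.c.2 natd, before the catch-all divert
    ${fwcmd} add 300 divert 8669 ip from ${inet} to ${special} out via ${oif}
    ${fwcmd} add 310 divert 8669 ip from ${special} to ${pub2} in via ${oif}
    # everything else crossing fxp0 goes through the a.b.c.1 natd
    ${fwcmd} add 400 divert 8668 ip from any to any via ${oif}
    # stateless rc.firewall 'simple' style: established TCP and fragments pass
    ${fwcmd} add 500 allow tcp from any to any established
    ${fwcmd} add 510 allow ip from any to any frag
    # services this box offers, with the specific address instead of 'me' (ssh assumed)
    ${fwcmd} add 600 allow tcp from any to ${pub1} 22 setup
    # no other inbound connection setup from the public side; outbound setup is fine
    ${fwcmd} add 610 deny log tcp from any to any in via ${oif} setup
    ${fwcmd} add 620 allow tcp from any to any setup
    # DNS for the NATed LAN clients, stateless because natd rewrites addresses after keep-state would
    ${fwcmd} add 700 allow udp from any to any 53 out via ${oif}
    ${fwcmd} add 710 allow udp from any 53 to any in via ${oif}
    # ICMP the 'simple' set leaves out: echo reply, unreachable (incl. PMTU), echo request, time exceeded
    ${fwcmd} add 800 allow icmp from any to any icmptypes 0,3,8,11
    ${fwcmd} add 900 allow ip from any to any via ${iif}
    ${fwcmd} add 65000 deny log ip from any to any
}

load_rules
```

Rule 710 accepts any inbound UDP with source port 53, which is the price of a stateless ruleset; a resolver on the box itself, queried by the LAN, removes the need for it.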