From owner-freebsd-questions Wed Jun 28 17:33:42 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from bns.bnswest.net (bns.bnswest.net [204.245.2.2]) by hub.freebsd.org (Postfix) with ESMTP id C6E4C37BA69 for ; Wed, 28 Jun 2000 17:33:36 -0700 (PDT) (envelope-from wildcard@bnswest.net)
Received: from bnswest.net (dial165.bnswest.net [204.245.2.165]) by bns.bnswest.net (8.9.0/8.9.0) with ESMTP id LAA02219 for ; Wed, 28 Jun 2000 11:31:51 -0700 (MST)
Message-ID: <395A99D5.86C65388@bnswest.net>
Date: Wed, 28 Jun 2000 17:35:34 -0700
From: "Robert M. Shields"
X-Mailer: Mozilla 4.73 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.org
Subject: DSL / Routing / ipfw issues
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I'm having issues with FreeBSD 3.2-STABLE and a newly acquired Cisco 675 DSL router. What I'm trying to do is drop the BSD box in between the 675 and my network to act as an IP firewall, with the topology looking like this:

 --------            ---------             -------             -----
 | MyLan| ------- pn0 | IPFW | fxp0 ----- eth0| Cisco|wan0-0 -----| ISP|
 --------            ---------             -------             -----

My LAN has 3 other systems connected: 2 windoze clients and a FBSD 3.2-STABLE box providing DNS (as a shadow domain), HTTP, FTP and telnet services. The DNS is configured to provide lookups for my own shadow domain, and forward anything else on to the ISP's DNS.

pn0 has an internal IP address of 192.168.123.3
fxp0 has an external (to my client network) IP of 10.0.0.1
eth0 has an IP of 10.0.0.2
wan0-0 is set to DHCP an address from my ISP.

Oh, and the 675 is set up for NAT.

What I'd like to know is what the best (i.e. simplest) possible configuration for my ipfw is in this situation. Would it be better to bridge the two networks together and have ipfw filter packets, or can this be done easily by routing packets between the two interfaces?

I had routing set up to begin with and was able to ping the 675 from my FreeBSD box (IP 192.168.123.1), but when I tried to ping the 675 from both of my windoze systems, the packets timed out. (Yes, I had the default gateway address of 192.168.123.3 set up in the windoze networking config.)

Also, what should the Cisco's and the firewall's routing tables look like with this setup?

I've read the online tutorials at freebsd.org and mostgraveconcern.com (the cheat sheets), as well as relevant info in "TCP/IP Networking" and "Building Internet Firewalls", both by O'Reilly, but it seems I'm on information overload right now...

Oh, and my rc.firewall script looks almost similar to the one from the cheat sheets. I'll post it if you need it.

Any help is greatly appreciated.

Thanks,
Robert M. Shields

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
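The routed (non-bridged) layout asked about above, as an added example that is not part of the original post or of FreeBSD's rc.firewall: a minimal ipfw rule set for the interface names and addresses the post gives. It assumes gateway_enable="YES" in rc.conf so the box forwards packets, that the Cisco 675 has a route back to 192.168.123.0/24 via 10.0.0.1 (otherwise replies to the Windows clients never return), and a /24 on the 10.0.0.0 link; rule numbers and the policy itself are the editor's choices.

```shell
#!/bin/sh
# Added example (not from the post): minimal ipfw rule set for the routed
# layout in the post.  Interface names and addresses are the ones the post
# gives; rule numbers, the /24 on the 10.0.0.0 link and the policy are
# assumptions.  ipfw in 3.x has no keep-state, so TCP return traffic is
# matched with 'established'.  As in rc.firewall, the binary lives in
# ${fwcmd}, so the rules can be previewed with: fwcmd=echo sh this_script.sh
fwcmd="${fwcmd:-/sbin/ipfw}"

inside_if="pn0"               # LAN side, 192.168.123.3
inside_net="192.168.123.0/24"
outside_if="fxp0"             # link to Cisco 675 eth0: 10.0.0.1 <-> 10.0.0.2
link_net="10.0.0.0/24"        # assumption: mask of the FreeBSD<->Cisco link

setup_rules() {
    ${fwcmd} -f flush

    # Loopback is fine; 127/8 on any real interface is not.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: LAN addresses must never arrive from the Cisco side.
    ${fwcmd} add 400 deny ip from ${inside_net} to any in via ${outside_if}

    # LAN -> Internet: accept on pn0, forward out fxp0 (needs gateway_enable).
    ${fwcmd} add 500 allow ip from ${inside_net} to any in via ${inside_if}
    ${fwcmd} add 600 allow ip from ${inside_net} to any out via ${outside_if}

    # Replies coming back from the Cisco side: established TCP, DNS answers
    # for the local resolver's forwarded queries, and ICMP so the Windows
    # clients can ping through.  Then let them out onto the LAN.
    ${fwcmd} add 700 allow tcp from any to ${inside_net} established in via ${outside_if}
    ${fwcmd} add 800 allow udp from any 53 to ${inside_net} in via ${outside_if}
    ${fwcmd} add 900 allow icmp from any to ${inside_net} in via ${outside_if}
    ${fwcmd} add 1000 allow ip from any to ${inside_net} out via ${inside_if}

    # The firewall talking to the Cisco itself on the 10.0.0.0 link.
    ${fwcmd} add 1100 allow ip from ${link_net} to ${link_net} via ${outside_if}

    # Everything else, including unsolicited inbound from the ISP, is dropped
    # and logged (logging needs IPFIREWALL_VERBOSE in the kernel).
    ${fwcmd} add 65000 deny log ip from any to any
}

# Only load the rules when the ipfw binary (or a preview command) exists.
command -v "${fwcmd}" >/dev/null 2>&1 && setup_rules
```

Every forwarded packet is checked twice, once inbound on one interface and once outbound on the other, which is why the LAN-bound rules come in pairs.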