Date:      Thu, 1 Oct 1998 19:36:58 -0700 (PDT)
From:      Dan Busarow <dan@dpcsys.com>
To:        Leonardo Madrigal <lmadrig@acnet.net>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: routing for firewall purposes.
Message-ID:  <Pine.BSF.3.96.981001193221.6734A-100000@java.dpcsys.com>
In-Reply-To: <3613E88D.47123191@multired.net>

On Thu, 1 Oct 1998, Leonardo Madrigal wrote:
>                                     ---     ---       ----------
>                                     |  1 |     |  2 |       |  FREEBSD |
> 
>                                     ---     ---       ----------

Don't use tabs in ASCII art; your diagram was unusable.

> So the thing is that I need to connect the Cisco directly to my
> FreeBSD, and then connect the second NIC to the hub, so I can only
> then
> start the ipfw and make the rules, and then ALL the people (machines
> 1 and 2), if they want to reach the internet, they first have
> to pass the FreeBSD server.
> All my IPs are valid, and the FreeBSD server uses a different gateway
> than machines 1 and 2 to reach the internet, because the IPs of
> machines 1 and 2 are in the subnet 167.114.17. and the server is on the
> subnet 167.114.28.
> My Cisco has two gateways configured.
> 
> The questions...
> Can routed do the job, or do I need gated?
> Do I need natd?

Given that you have two different networks (IP wise) all you need
to do is turn on IP forwarding

gateway_enable="YES"

Do not use routed or gated.  You do not need natd.

> Which options do I need to configure in rc.conf and in the kernel?

You have to turn on the ipfw options in the kernel (see LINT) and
set firewall_enable="YES" and firewall_type="open" (to get started).
Change the firewall type once you have rules defined and you are
ready to test them.

Dan
-- 
 Dan Busarow                                                  949 443 4172
 Dana Point Communications, a California corporation        dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82
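
A check for the rc.conf side of the advice above, as an added example that is not part of the original message: it reads an rc.conf, confirms forwarding and the firewall are enabled, flags daemons the reply says are not needed, and warns while the firewall type is still "open". The helper names (`rc_get`, `is_yes`, `audit_rc`) and the sample file are constructed here; `gateway_enable` is the rc.conf name of the forwarding knob, and `router_enable` and `natd_enable` are assumed to be the knobs that start routed and natd.

```sh
#!/bin/sh
# Added example: audit an rc.conf against the settings named in the reply.

# rc_get FILE VAR: print VAR's value, quotes stripped. rc.conf is sourced as
# sh, so the last assignment wins; prints nothing if VAR is never set.
rc_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# is_yes VALUE: true for the spellings rc.subr's checkyesno accepts as "yes".
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_rc FILE: print findings; exit status is the number of FAIL lines.
audit_rc() {
    f=$1; fails=0
    for v in gateway_enable firewall_enable; do          # must be on
        is_yes "$(rc_get "$f" "$v")" || { echo "FAIL $v is not YES"; fails=$((fails + 1)); }
    done
    for v in router_enable natd_enable; do               # routed / natd: not needed
        if is_yes "$(rc_get "$f" "$v")"; then
            echo "FAIL $v is YES but is not needed here"; fails=$((fails + 1))
        fi
    done
    case "$(rc_get "$f" firewall_type)" in
        "")   echo "FAIL firewall_type is unset"; fails=$((fails + 1)) ;;
        open) echo "WARN firewall_type=open passes all traffic; change it once rules are tested" ;;
        *)    echo "OK   firewall_type is no longer open" ;;
    esac
    return "$fails"
}

# Constructed sample rc.conf (not from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
gateway_enable="NO"
gateway_enable="YES"    # later assignment wins
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
EOF
audit_rc "$sample" || echo "$? setting(s) to fix"
```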

