Date: Wed, 12 Mar 2003 12:57:04 -0800 (PST)
From: Dave McCammon
Subject: Re: transparent ipfw
To: "Dave [Hawk-Systems]", freebsd-questions

--- "Dave [Hawk-Systems]" wrote:
> Been browsing for a bit (knowing I will get some rtfm responses from this) but
> haven't come across a solid answer for this. Most solutions involve NAT or some
> other non-routable ip block type of solution.
>
> Have the following (192.168.100.0/24 used in place of routable addresses)
>
> - Internet connection coming into port 1 of Cisco switch (switch address
>   192.168.100.1).
> - Other FreeBSD servers (192.168.100.2 - 192.168.100.252) connected to various
>   ports on the switch using the switch as the gateway device.
> - Other networks (192.168.101.0/24 etc...) connected to the switch which is
>   bridging them over to the internet connection out of port 1.
>
> Wish to place a FreeBSD server in front of the switch to count traffic to and
> from various IP addresses for the entire network.
>
> NIC1 on the FreeBSD box would go to the Internet Connection
> NIC2 on the FreeBSD box would go to the switch.
>
> All addresses used are routable (3 /24 blocks will be coming down to NIC1), and
> all addresses/packets should be passed through without any NAT or other
> readdressing taking place. Aside from telnetting into the box itself, it doesn't
> need any IP addresses except for whatever is needed for the above setup.
>
> Comments appreciated, this would be my first implementation of ipfw / fw rules
> in general using a FreeBSD box.
>
> Dave

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html