From owner-freebsd-security Mon Jan 29 18:52:23 2001
Delivered-To: freebsd-security@freebsd.org
Subject: My FreeBSD Firewall
Message-ID: <980823114.3a762c4a041fa@mail.marketnews.com>
Date: Mon, 29 Jan 2001 21:51:54 -0500
Sender: owner-freebsd-security@FreeBSD.ORG

Hello. I am building a Firewall and have some questions about how to implement it. The basic firewall is a FreeBSD box running squid for transparent proxy, IPFW for dummynet to rate limit SYNs, and IPF as my main stateful packet filter.

The problem I have is with putting this into production. I have a T1 to the internet, the router's IP address is 172.16.1.1 (well, not really, but it works for the example) and all of the computers on the LAN are in the 172.16.1.0 (once again... only for the example) network.

So here I get to the question... is there any way to set the firewall with the same IP address as the router to make the install fairly transparent to the users? Could I set the firewall up as 172.16.1.1 and use NAT to let it communicate with the router for internet traffic? How would I set up my routing tables?

Also, if anyone has any input as far as how I am building my firewall, that would be very appreciated.

Thank you,
Mason