From owner-freebsd-security Mon Jan 29 19: 1:43 2001 Delivered-To: freebsd-security@freebsd.org Received: from sonar.noops.org (adsl-63-195-97-84.dsl.snfc21.pacbell.net [63.195.97.84]) by hub.freebsd.org (Postfix) with ESMTP id F003037B402 for ; Mon, 29 Jan 2001 19:01:23 -0800 (PST) Received: from localhost (root@localhost) by sonar.noops.org (8.9.3/8.9.3) with ESMTP id TAA36124; Mon, 29 Jan 2001 19:01:27 -0800 (PST) (envelope-from root@noops.org) Date: Mon, 29 Jan 2001 19:01:27 -0800 (PST) From: Thomas Cannon To: mharding@marketnews.com Cc: freebsd-security@FreeBSD.ORG Subject: Re: My FreeBSD Firewall In-Reply-To: <980823114.3a762c4a041fa@mail.marketnews.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org If you want to add the firewall but keep the default gateway the same for all the clients you'll either have to do some sort of abracadabra magic with arp, or take the path of least resistance -- change the router's IP and make your firewall 127.16.1.1 Just my $.02 ... if even that much -tcannon On Mon, 29 Jan 2001 mharding@marketnews.com wrote: > Hello. I am building a Firewall and have some questions about how to implement > it. The basic firewall is a FreeBSD box running squid for transparent proxy, > IPFW for dummynet to rate limit syn's, and IPF as my main statefull packet > filter. The problem I have is with putting this into production. I have a T1 > to the internet, the routers IP address is 172.16.1.1(well not really but it > works for the example) and all of the computers on the LAN are in the 172.16.1.0 > (once again..only for the example) network. So here I get to the > question....is there any way to set the firewall with the same IP address as > the router to make the install fairly transparent to the users? Could I set > the firewall up as 172.16.1.1 and use NAT to let it communicate with the router > for internet traffic? How would I set up my routing tables? Also if anyone > has any input as far as how I am building my firewall that would be very > appreciated. > > Thank you, > Mason > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message