Date: Thu, 01 Nov 2001 12:48:56 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: freebsd-questions@FreeBSD.org Subject: Routing for a management interface on a firewall Message-ID: <75260.1004611736@axl.seasidesoftware.co.za>
next in thread | raw e-mail | index | archive | help
Hi folks,
I'm building a FreeBSD 4.4-STABLE firewall with 3 interfaces. I have
two questions.
The sketch below needs to be viewed in a fixed-width font:
<tt>
Public interface (216.123.44.2/24)
|
+-----|-----+
| |
| Firewall: |
| ipfw/natd =-- Management interface (216.123.49.36)
| |
| |
+-----|-----+
|
Private interface (10.0.0.1/24)
</tt>
Every address on the private network has a corresponding address on
the public network. This means that I only need natd for address
translation. I don't need port mapping, and 216.123.44.2 itself doesn't
need to be mapped to a private address.
I have all my interface aliases set up on 216.123.44.2 and have my
natd translations between the 216.123.44.2/24 and 10.0.0.1/24 networks
configured.
1) Do I need skipto rules for 216.123.44.2 that prevent traffic to or
from that specific IP address being diverted to natd? Alternatively,
should I map 10.0.0.1 to 216.123.44.2 with natd?
2) How do I set up routing so that traffic _from_ 216.123.44.2/24 leaves
via the public interface and not via the management interface? Right
now, my defaultrouter is 216.123.49.33 so that sshd will work.
Thanks,
Sheldon.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75260.1004611736>