From owner-freebsd-questions  Sun Dec 10 17:52: 4 2000
From owner-freebsd-questions@FreeBSD.ORG  Sun Dec 10 17:52:01 2000
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from itouch.co.nz (itouch.co.nz [203.99.66.188])
	by hub.freebsd.org (Postfix) with ESMTP id 4199837B400
	for <freebsd-questions@FreeBSD.ORG>; Sun, 10 Dec 2000 17:52:00 -0800 (PST)
Received: from jonc.itouch (jonc.itouch [192.168.2.21])
	by itouch.co.nz (8.11.1/8.11.1) with ESMTP id eBB1pv365055;
	Mon, 11 Dec 2000 14:51:57 +1300 (NZDT)
	(envelope-from jonc@itouch.co.nz)
Received: (from jonc@localhost)
	by jonc.itouch (8.11.1/8.11.1) id eBB1pvU15552;
	Mon, 11 Dec 2000 14:51:57 +1300 (NZDT)
	(envelope-from jonc)
Date: Mon, 11 Dec 2000 14:51:57 +1300
From: Jonathan Chen <jonathan.chen@itouch.co.nz>
To: Sean Peck <speck@newsindex.com>
Cc: "Crist J. Clark" <cjclark@reflexnet.net>,
	freebsd-questions@FreeBSD.ORG
Subject: Re: Configuring Gateway/NAT on Freebsd
Message-ID: <20001211145157.A15455@jonc.itouch>
References: <20001210150314.P96105@149.211.6.64.reflexcom.com> <Pine.BSF.4.10.10012101719370.5938-100000@www.newsindex.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.BSF.4.10.10012101719370.5938-100000@www.newsindex.com>; from speck@newsindex.com on Sun, Dec 10, 2000 at 05:24:50PM -0800
Sender: jonc@itouch.co.nz
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Dec 10, 2000 at 05:24:50PM -0800, Sean Peck wrote:
[...]
>   I have the NIC listening to both IP's at least in theory, 172.16.0.1 and
> my public space IP... I assume that it must be listening there as well...
> perhaps incorrectly.

For a firewall, you need to have 2 NICs. One for your i/f to the 'Net,
and one for your i/f to your internal network. Think of a stream of
information that must pass in thru' your f/w rules before it can go out
thru' the second i/f to your internal network.

If your i/f to the 'Net is a dial-up ppp link, you set up ppp to
handle nat with a -nat option, instead of using 'natd'.
-- 
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
             "A person should be able to do a small bit of everything,
                                        specialisation is for insects"
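
Added example (not part of the original message): a small sh check of an rc.conf-style file for the two-NIC layout described above. It counts real ifconfig_<if> entries (alias lines on one card do not count) and verifies that natd is bound to one of them. The interface names ed0/ed1, the addresses and the sample files are constructed, and it covers the natd case only, not the ppp -nat dial-up case.

```sh
#!/bin/sh
# Added example, not from the original thread.

# Print the value of an rc.conf variable (last assignment wins), quotes stripped.
rc_get() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# List distinct non-loopback interfaces that have their own ifconfig_<if>= line.
# Alias lines (ifconfig_<if>_alias0=) are deliberately not counted as NICs.
rc_nics() {
    sed -n 's/^ifconfig_\([a-z][a-z]*[0-9][0-9]*\)=.*/\1/p' "$1" |
        grep -v '^lo[0-9]' | sort -u
}

# Return 0 if the file describes a two-NIC natd gateway, 1 otherwise.
check_gateway_conf() {
    conf=$1; status=0
    nics=$(rc_nics "$conf")
    count=$(printf '%s\n' "$nics" | grep -c . || true)
    if [ "$count" -lt 2 ]; then
        echo "FAIL: $count NIC(s) configured, need 2"; status=1
    fi
    for knob in gateway_enable firewall_enable natd_enable; do
        [ "$(rc_get "$conf" "$knob")" = "YES" ] ||
            { echo "FAIL: $knob is not YES"; status=1; }
    done
    ext=$(rc_get "$conf" natd_interface)
    if [ -z "$ext" ] || ! printf '%s\n' "$nics" | grep -qxF "$ext"; then
        echo "FAIL: natd_interface '$ext' is not a configured NIC"; status=1
    fi
    return $status
}

# Write two constructed sample files into directory $1.
make_samples() {
    common='gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="ed0"
ifconfig_ed0="inet 203.0.113.10 netmask 255.255.255.0"'
    printf '%s\n%s\n' "$common" 'ifconfig_ed1="inet 172.16.0.1 netmask 255.255.0.0"' > "$1/two_nic.conf"
    printf '%s\n%s\n' "$common" 'ifconfig_ed0_alias0="inet 172.16.0.1 netmask 255.255.255.255"' > "$1/one_nic.conf"
}

d=$(mktemp -d); make_samples "$d"
check_gateway_conf "$d/two_nic.conf" && echo "two_nic.conf: OK"
check_gateway_conf "$d/one_nic.conf" || echo "one_nic.conf: rejected"
```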
