From owner-freebsd-questions Sun Dec 10 18: 5:51 2000
From owner-freebsd-questions@FreeBSD.ORG Sun Dec 10 18:05:48 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from www.newsindex.com (www.newsindex.com [64.71.138.178])
	by hub.freebsd.org (Postfix) with ESMTP id 2D72D37B6A7
	for ; Sun, 10 Dec 2000 18:05:45 -0800 (PST)
Received: from localhost (speck@localhost)
	by www.newsindex.com (8.9.3/8.9.3) with ESMTP id SAA09842;
	Sun, 10 Dec 2000 18:05:31 -0800 (PST)
	(envelope-from speck@www.newsindex.com)
Date: Sun, 10 Dec 2000 18:05:31 -0800 (PST)
From: Sean Peck
To: Jonathan Chen
Cc: freebsd-questions@freebsd.org
Subject: Re: Configuring Gateway/NAT on Freebsd
In-Reply-To: <20001211145157.A15455@jonc.itouch>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: speck@www.newsindex.com
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ok,

Well the connection is permanent, not PPP. (DSL)

The box has 1 physical NIC, I have it configured to the PUBLIC IP, and
aliased to 172.16.0.1 as well...

So, in theory at least it should be answering to both addresses, I have
tun0 linking the 172.16.0.1 to the public space (I believe this is what
I have to do)

But I have been unable to successfully get things working.

I assume that my other boxes, should be pointing to 172.16.0.1 as their
default router and be in the 172.16.0.x space... But so far I have not
been able to get it working successfully...

I have the public space entry for the single NIC card pointing to the
default router up in the ISP space...

I think I am missing something vital.

On Mon, 11 Dec 2000, Jonathan Chen wrote:

> On Sun, Dec 10, 2000 at 05:24:50PM -0800, Sean Peck wrote:
> [...]
> > I have the NIC listening to both IP's at least in theory, 172.16.0.1 and
> > my public space IP... I assume that it must be listening there as well...
> > perhaps incorrectly.
>
> For a firewall, you need to have 2 NICs. One for your i/f to the 'Net,
> and one for your i/f to your internal network. Think of a stream of
> information that must pass in thru' your f/w rules before it can go out
> thru' the second i/f to your internal network.
>
> If your i/f to the 'Net is a dial-up ppp link, you set up ppp to
> handle nat with a -nat option, instead of using 'natd'.
> --
> Jonathan Chen
> ----------------------------------------------------------------------
> "A person should be able to do a small bit of everything,
> specialisation is for insects"
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message