From owner-freebsd-questions Thu Jun 29 15:29:27 2000
Message-ID: <395BCE3A.BE39EFA6@bnswest.net>
Date: Thu, 29 Jun 2000 15:31:23 -0700
From: "Robert M. Shields"
To: freebsd-questions@FreeBSD.org
Subject: Re: DSL / Routing / ipfw issues

Oh and one more thing... I have NAT set up with the following in natd.conf:

dynamic yes
use_sockets yes
same_ports yes

Robert M. Shields

"Crist J. Clark" wrote:

> On Wed, Jun 28, 2000 at 07:51:43PM -0700, Robert M. Shields wrote:
> > I had the firewall box enabled as a gateway with NAT onto the 2nd network to
> > begin with... ( I guess that was relevant info, huh? ) I could ping the fxp0
> > interface from any system on the LAN, but when I tried to reach the 675 on the
> > doze boxes, the packet would always time out.
> >
> > Which is why I was looking into turning the firewall into a network bridge,
> > to avoid all that hoopla with running NAT twice. It's my understanding while
> > acting as a bridge the firewall can just pass packets back and forth between
> > networks, just as if they were physically connected, without any name
> > translation or routing needed. Or should I just say screw it, lose the
> > firewall and use the NAT and packet filtering in the 675?
>
> No need to run NAT twice. If you just want the FreeBSD box for
> firewalling, do not bridge either. Just set up the FreeBSD box with
> firewalling and IP forwarding enabled. Make sure to add the route
> (lemme see if I remember my Cisco syntax),
>
>   ip route 192.168.123.0 0.0.0.255 10.0.0.1
>
> To the 675. Unless the 675 is a lot dumber than I would expect Cisco
> hardware to be, all should work.
>
> Just do the NAT at the 675. If you do NAT at FreeBSD, no need for NAT
> at the 675. Flip a coin.
> --
> Crist J. Clark                           cjclark@alum.mit.edu
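
Added example, not part of either message: a small longest-prefix-match model of the 675's forwarding decision, showing where a reply to a LAN host goes before and after the static route quoted above is added, for the case where the FreeBSD box forwards without NAT. The 10.0.0.0/24 segment, the "isp-uplink" default route and the host 192.168.123.10 are assumptions made for illustration.

```python
import ipaddress

# Static route exactly as written in the quoted reply:
# network, wildcard (host) mask, next hop.
ROUTE_FROM_REPLY = "192.168.123.0 0.0.0.255 10.0.0.1"


def parse_route(text):
    """Turn 'network mask next-hop' into (IPv4Network, next-hop string)."""
    net, mask, hop = text.split()
    # ipaddress accepts either a netmask or a host mask after the slash.
    return ipaddress.ip_network(f"{net}/{mask}"), hop


def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Assumed (constructed) routing table on the 675 before the change:
# its own segment is directly connected, everything else goes to the ISP.
ROUTER_BEFORE = [
    (ipaddress.ip_network("10.0.0.0/24"), "connected"),
    (ipaddress.ip_network("0.0.0.0/0"), "isp-uplink"),
]
ROUTER_AFTER = ROUTER_BEFORE + [parse_route(ROUTE_FROM_REPLY)]


def reply_path(table, lan_host="192.168.123.10"):
    """Where the 675 sends a reply addressed to a host behind the FreeBSD box."""
    return next_hop(table, lan_host)


if __name__ == "__main__":
    # Without the route, replies to un-NATed LAN hosts follow the default route
    # out the uplink and never return, which looks like a timeout on the LAN.
    print("before:", reply_path(ROUTER_BEFORE))
    print("after: ", reply_path(ROUTER_AFTER))
    print("10.0.0.1 itself:", next_hop(ROUTER_AFTER, "10.0.0.1"))
```

If NAT is done on the FreeBSD box instead, the 675 only ever sees the box's own outer address, which is already on its connected segment, so the static route is not needed in that case.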