Date: Thu, 29 Jun 2000 15:31:23 -0700 From: "Robert M. Shields" <wildcard@bnswest.net> To: freebsd-questions@FreeBSD.org Subject: Re: DSL / Routing / ipfw issues Message-ID: <395BCE3A.BE39EFA6@bnswest.net>
next in thread | raw e-mail | index | archive | help
Oh and one more thing... I have NAT setup with the following in natd.conf: dynamic yes use_sockets yes same_ports yes Robert M. Shields "Crist J. Clark" wrote: > On Wed, Jun 28, 2000 at 07:51:43PM -0700, Robert M. Shields wrote: > > I had the firewall box enabled as a gateway with NAT onto the 2nd network to > > begin with... ( I guess that was relevant info, huh? ) I could ping the fxp0 > > interface from any system on the LAN, but when I tried to reach the 675 on the > > doze boxes, the packet would always time out. > > > > Which is why I was looking into turning the firewall into a network bridge, > > to avoid all that hoopla with running NAT twice. It's my understanding while > > acting a a bridge the firewall can just pass packets back and forth between > > networks, just as if they were physically connected, without any name > > translation or routing needed. Or should I just say screw it, loose the > > firewall and use the NAT and packet filtering in the 675? > > No need to run NAT twice. If you just want the FreeBSD box for > firewalling, do not bridge either. Just setup the FreeBSD box with > firewalling and IP forwarding enabled. Make sure to add the route > (lemme see if I remember my Cisco syntax), > > ip route 192.168.123.0 0.0.0.255 10.0.0.1 > > To the 675. Unless the 675 is a lot dumber than I would expect Cisco > hardware to be, all should work. > > Just do the NAT at the 675. If you do NAT at FreeBSD, no need for NAT > at the 675. Flip a coin. > -- > Crist J. Clark cjclark@alum.mit.edu > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?395BCE3A.BE39EFA6>