Date: Thu, 28 Jun 2001 21:20:07 -0400 (EDT)
From: Daniel Kelley <dkelley@otec.com>
To: freebsd-questions@freebsd.org
Subject: routing ip addresses through a freebsd firewall
Message-ID: <Pine.BSF.4.20L2.0106282050190.12239-100000@mx1.hq.ny.otec.net>

hi-

i'm trying to configure a 4-STABLE box to protect 5 ip addresses on a class c network. the machine has 2 NICs; the external w/ a public ip and the internal w/ a 10. address. ideally, i'd like to nat the public ips to 10. addresses.

i've been following a tutorial that gives a decent setup for an IPFILTER firewall:

http://www.schlacter.dyndns.org/public

the actual packet filtering seems pretty straightforward; i'm having problems with nat and routing.

problem 1: routing

i'm unclear on whether or not i need to run routed or gated in order to forward the packets addressed to the 5 public ips into the firewall. i've seen a couple of things that suggest you can modify arp parameters in the kernel (?), but i'm not sure if this is advisable or not.

problem 2: nat

i'd like to set up simple bi-directional nat and let the ipfilter rules handle everything else. i've tried the following ipnat rules:

    bimap <outside_interface> aa.bb.cc.0/24 -> 10.1.1.0/24

i'm not sure if i need a bimap in the opposite direction (inside->outside).

adding a rule like this:

    map <outside_interface> 10.1.1.0/24 -> 0/32

will take any traffic from the inside interface and send it out with whatever address the external NIC has, but that's not what i'm looking for.

any help would be greatly appreciated. please cc me if you reply - i'm not on the list.

thanks-
dan