From owner-freebsd-questions Fri Jun 30 10:47:45 2000
Message-ID: <000501bfe2ba$5ec92c20$248039cf@noc.wilkshire.net>
Subject: Dual Nic Firewall Configuration Woes
Date: Fri, 30 Jun 2000 13:41:06 -0400
Sender: owner-freebsd-questions@FreeBSD.ORG

Good afternoon FreeBSD'ers,

I am in the process of creating a firewall using a small P-133 with (2) Netgear cards (shown as de0 and de1) and FreeBSD 4.0. I am creating this firewall as a drop-in replacement for an ailing rackmount appliance firewall.

My problem is as follows:

The subnet range from the ethernet side of the router is 255.255.255.224 (since there are only a handful of workstations to be secured).

***Note that I am using real IPs, not 10.10.10.x***
***10.10.10.x is for example only***

The current firewall has 10.10.10.34 as the external (non-trusted) interface and 10.10.10.35 as the trusted side of the interface. The router ethernet port is 10.10.10.33 and is configured as the default gateway for the firewall.

I have tried to configure the FreeBSD system as follows:

    ifconfig_de0="inet 10.10.10.34 netmask 255.255.255.224"
    ifconfig_de1="inet 10.10.10.35 netmask 255.255.255.224"
    default_gateway="10.10.10.33"
    gateway_enable="yes"

option BRIDGING has been added to my kernel configuration.

Once the system has been rebooted, I can only ping de0. If I shut down de0, then de1 is pingable, but not both at the same time. This, as you can imagine, is very frustrating to the development of my firewall.

Any help and guidance from anyone familiar with the design of firewalls using FreeBSD would be very welcome.

Thank you in advance.

Jeff
jeff@digiman.org
www.digiman.org