Date: Wed, 6 Mar 2002 21:21:30 +0100
From: Alex
To: "A.Rakukin"
Cc: questions@freebsd.org
Subject: Re: with and without firewall
Message-ID: <8113939634.20020306212130@cybertron.tmfweb.nl>
In-Reply-To: <200203050644.g256irn40909@www5.mailru.com>

Hello A.Rakukin,

Tuesday, March 05, 2002, 7:44:53 AM, you wrote:

AR> Hello,
AR> I would like to have my network (say, 128.1.1.0 with
AR> router 128.1.1.1) connected to the Internet via the
AR> firewall most of the time, but also provide the
AR> possibility for this network to be switched to direct
AR> Internet connection at any time, without any changes in
AR> routing.
AR> I guess I can set it up in the following way:
AR> - create an additional network (128.2.2.0),
AR> - add this network as secondary to the router,
AR> assigning an additional address 128.2.2.1 to the router
AR> itself,
AR> - set up a firewall with external address 128.2.2.2
AR> and internal addresses 128.1.1.1
AR> - make the firewall pick all packets intended for
AR> 128.1.1.0 which come to its external interface, filter
AR> them and send into the internal network.
AR> Then, routing should work either if firewall is present
AR> or it is physically removed and router connected to the
AR> network directly.
AR> Is that possible? Which software can accomplish the
AR> last task? As far as I understand, NAT address
AR> redirection does not do it. Maybe, there are easier
AR> ways to solve this problem, without setting up an
AR> additional network?
AR> Thanks a lot,
AR> Alex

The simplest option is to add the IP of the firewall (2) to the router if you take the firewall offline. Just keep all the clients believing the firewall is still up.

DHCP has an option to set the gateway and DNS IP of clients in a central place. It would mean there's another thing that can go wrong. What if the DHCP is not available?

--
Best regards,
Alex