Date: Fri, 30 Aug 2002 09:41:56 +0200
From: "Roger 'Rocky' Vetterberg" <listsub@401.cx>
To: Tom Wiebe <twiebe@mac.com>
Cc: "'freebsd-questions@freebsd.org'" <freebsd-questions@FreeBSD.ORG>
Subject: Re: Connecting 2 networks
Message-ID: <3D6F21C4.6080006@401.cx>
References: <3B577675-BBAB-11D6-B823-0003935761AA@mac.com>
Tom Wiebe wrote:
> Hi all,
>
> Some weeks ago, I asked how to connect my 2 networks together, and got
> some useful pointers to ipfw and natd. Unfortunately, I seem to have
> temporarily overstepped the bounds of my cognitive ability, and I need a
> bit of hand holding here. I'm sure the answer is right in front of me in
> the man pages, but I can't see it for looking.
>
> Here's the situation:
>
> I have 2 networks, our office clients (for surfing) and our servers (for
> serving, obviously). The office is running off of an unmetered ADSL
> connection, whereas the servers are on a big, fat, metered connection.
>
> I'd like to be able to have a router or bridge between the 2, so we
> could admin our servers and get our email behind the firewall, that kind
> of thing. I'd also like to close up the couple of holes I've left to the
> outside world from the servers (tb2 on our macs and ssh on our bsd
> boxes) and allow myself to sleep a little sounder at night.
>
> Here's an ASCII Diagram of what I'd like to have:
>
>        ADSL                            Fibre
>         |                                |
>       Router                           Router
>         |                                |
>   --------------------          -----------------
>   |  |  |  |  |  |  |             |  |  |  |  |
>   Clients...        |             |   Servers...
>   192.168.0.x       +- bridge/ -+   192.168.1.x
>                        router
>
> I've got an extra PC with 3 nics, and just need a basic WTF do I do to
> make this work. Once I get the basics down, I'm sure I can fancy it up
> as much as I need over time. I'm wanting to ideally have this behind the
> router on both sides as I'm not confident enough in my BSD knowledge to
> want to put a box naked on the net quite yet. The missing piece just
> needs to route packets between the 2 private networks.
>
> Thanks in advance,
>
> Tom Wiebe
> (604) 688-4484
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To do this, you need to run 2 natd's to handle traffic from both sides.
If you run ipfw, you will need two rules similar to these early in your
ruleset:

    00010 divert 8668 ip from any to 192.168.0.0/24 via fxp0
    00020 divert 8669 ip from any to 192.168.1.0/24 via fxp1

You will need to modify the fxpn to suit your interface names.

Then, you need to run 2 natd's, one on the standard 8668 port and one on
8669. The one running on 8668 can be started from /etc/rc.conf as usual,
but the second one will have to be started elsewhere, i.e. by a command
like 'natd -p 8669 -f /etc/natd2.conf' in /etc/rc.local or, probably
better, a startup script in /usr/local/etc/rc.d.

Since this is a client-server situation, you could probably just run one
natd that allows the clients to initiate a connection to the servers. The
definition of a server means it should never have to initiate a connection
to a client itself; it will only respond to requests.

Hope this helps, otherwise just email me and I will try to help you out.

--
R
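An added example, not code from either poster, of what Roger's single-natd variant could look like on the 3-NIC box: natd runs only on the server-side interface, the ipfw filter rules let office clients open admin and mail sessions to the servers, and a server that tries to open a session toward the office side is logged and dropped rather than trusted to "never initiate". Every concrete value is an assumption: fxp0 faces the clients, fxp1 faces the servers, the box is 192.168.1.254 on fxp1, the admin ports are ssh, smtp, pop3 and imap, and the rule numbers and file paths are made up for the example.

```shell
#!/bin/sh
# Added example for the setup discussed above; it is not code from Tom or
# Roger.  It follows Roger's single-natd suggestion: natd runs only on the
# server-side NIC, so office clients can open sessions to the servers while
# nothing the servers initiate toward the office side gets through.
#
# Assumptions (none of these values come from the thread): fxp0 faces the
# office clients, fxp1 faces the servers, the box is 192.168.1.254 on fxp1,
# and only ssh, smtp, pop3 and imap need to cross from the office side.
CLIENT_IF="${CLIENT_IF:-fxp0}"
SERVER_IF="${SERVER_IF:-fxp1}"
CLIENT_NET="192.168.0.0/24"
SERVER_NET="192.168.1.0/24"
NAT_IP="${NAT_IP:-192.168.1.254}"   # the box's address on SERVER_IF; natd aliases clients to it
NATD_PORT=8668                      # natd's default divert port
ADMIN_TCP="22,25,110,143"           # assumed set of admin/mail ports

# ruleset prints a rule file suitable for 'ipfw -q /dev/stdin'.  Comment and
# blank lines are stripped so the output can be fed to ipfw unchanged.  Rule
# numbers are an assumption; what matters is that the divert rule comes
# before every filter rule, so filters on the server side see the addresses
# as natd rewrote them (source aliased to NAT_IP on the way out, client
# address restored on the way back in).
ruleset() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' <<EOF
flush
add 10 divert $NATD_PORT ip from any to any via $SERVER_IF
# office -> servers, as the packets look arriving on $CLIENT_IF (before NAT)
add 100 allow tcp from $CLIENT_NET to $SERVER_NET $ADMIN_TCP setup
add 110 allow tcp from $CLIENT_NET to $SERVER_NET established
add 120 allow icmp from $CLIENT_NET to $SERVER_NET icmptypes 8
# the same sessions leaving $SERVER_IF, after natd rewrote the source
add 130 allow tcp from $NAT_IP to $SERVER_NET $ADMIN_TCP setup
add 140 allow tcp from $NAT_IP to $SERVER_NET established
add 150 allow icmp from $NAT_IP to $SERVER_NET icmptypes 8
# servers -> office: replies only; natd has already restored the client address
add 200 allow tcp from $SERVER_NET to $CLIENT_NET established
add 210 allow icmp from $SERVER_NET to $CLIENT_NET icmptypes 0
# a server trying to open a session toward the office side is logged and dropped
add 300 deny log tcp from $SERVER_NET to $CLIENT_NET setup
add 65000 deny log ip from any to any
EOF
}

# On the router (as root) load the rules with:  sh ipfw-nat.sh apply
# For boot time, write them to a file and point /etc/rc.conf at it
# (file name and paths are assumptions):
#   gateway_enable="YES"
#   firewall_enable="YES"
#   firewall_type="/usr/local/etc/ipfw.rules"   # sh ipfw-nat.sh > /usr/local/etc/ipfw.rules
#   natd_enable="YES"
#   natd_interface="fxp1"
if [ "${1:-}" = "apply" ]; then
    ruleset | ipfw -q /dev/stdin
fi
```

Because only one natd is involved, a packet is translated exactly once: client-to-server traffic leaves fxp1 with the box's address as source, and the reply is de-aliased on its way in on fxp1 before the filter rules see it, which is why the rules at 200 and 210 match on the real client network. Rule 300 turns Roger's observation that servers never initiate connections into an enforced policy; with ipfw logging enabled (net.inet.ip.fw.verbose), a server that suddenly reaches for the office network shows up in the firewall log instead of silently succeeding.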
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D6F21C4.6080006>