From owner-freebsd-questions Fri Aug 30 00:40:03 2002
Delivered-To: freebsd-questions@freebsd.org
Message-ID: <3D6F21C4.6080006@401.cx>
Date: Fri, 30 Aug 2002 09:41:56 +0200
From: "Roger 'Rocky' Vetterberg"
To: Tom Wiebe
Cc: "'freebsd-questions@freebsd.org'"
Subject: Re: Connecting 2 networks
References: <3B577675-BBAB-11D6-B823-0003935761AA@mac.com>
Sender: owner-freebsd-questions@FreeBSD.ORG

Tom Wiebe wrote:
> Hi all,
>
> Some weeks ago, I asked how to connect my 2 networks together, and got
> some useful pointers to ipfw and natd. Unfortunately, I seem to have
> temporarily overstepped the bounds of my cognitive ability, and I need a
> bit of hand holding here. I'm sure the answer is right in front of me in
> the man pages, but I can't see it for looking.
>
> Here's the situation:
>
> I have 2 networks, our office clients (for surfing) and our servers (for
> serving, obviously). The office is running off of an unmetered ADSL
> connection, whereas the servers are on a big, fat, metered connection.
> I'd like to be able to have a router or bridge between the 2, so we
> could admin our servers and get our email behind the firewall, that kind
> of thing. I'd also like to close up the couple of holes I've left to the
> outside world from the servers (tb2 on our macs and ssh on our bsd
> boxes) and allow myself to sleep a little sounder at night.
>
> Here's an ASCII diagram of what I'd like to have:
>
>      ADSL                          Fibre
>       |                              |
>     Router                         Router
>       |                              |
>  --------------------        -----------------
>  | | | | | |                 | | | | |
>  Clients...        | |       Servers...
>  192.168.0.x  +- bridge/ -+  192.168.1.x
>                  router
>
> I've got an extra PC with 3 nics, and just need a basic WTF do I do to
> make this work. Once I get the basics down, I'm sure I can fancy it up
> as much as I need over time. I'm wanting to ideally have this behind the
> router on both sides as I'm not confident enough in my BSD knowledge to
> want to put a box naked on the net quite yet. The missing piece just
> needs to route packets between the 2 private networks.
>
> Thanks in advance,
>
> Tom Wiebe
> (604) 688-4484
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To do this, you need to run 2 natd's to handle traffic from both sides. If you run ipfw, you will need two rules similar to these early in your ruleset:

00010 divert 8668 ip from any to 192.168.0.0/24 via fxp0
00020 divert 8669 ip from any to 192.168.1.0/24 via fxp1

You will need to modify the fxpn to suit your interface names. Then you need to run 2 natd's, one on the standard 8668 port and one on 8669. The one running on 8668 can be started from /etc/rc.conf as usual, but the second one will have to be started elsewhere, i.e. by a command like 'natd -p 8669 -f /etc/natd2.conf' in /etc/rc.local or, probably better, a startup script in /usr/local/etc/rc.d.
Since this is a client-server situation, you could probably just run one natd that allows the clients to initiate a connection to the servers. The definition of a server means it should never have to initiate a connection to a client itself; it will only respond to requests.

Hope this helps, otherwise just email me and I will try to help you out.

--
R
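The single-natd layout suggested at the end of the reply, written out as a complete ipfw ruleset plus the matching natd command line, so that the two-sided NAT rules quoted earlier and the one-natd alternative can be compared against something concrete. This is an added example, not code from the thread or from FreeBSD's rc.firewall; the interface names (fxp0 on the client side, fxp1 on the server side; the thread only says "fxpn"), the .254 gateway addresses, the service list and the shell function names are assumptions. It uses one divert rule on the server-side interface instead of one per side: with a single natd the servers' replies come back in via fxp1 addressed to the box's own 192.168.1.254, and natd maps them back to the client on its own.

```shell
#!/bin/sh
# Added example, not from the thread: generate an ipfw(8) ruleset for a
# three-NIC FreeBSD box between two RFC1918 networks, using the single-natd
# layout (only clients ever initiate connections to servers).
#
# Assumed topology (names, addresses and services are assumptions):
#   fxp0  192.168.0.254/24  client LAN (ADSL side)
#   fxp1  192.168.1.254/24  server LAN (fibre side)

CLIENT_IF=fxp0; CLIENT_NET=192.168.0.0/24
SERVER_IF=fxp1; SERVER_NET=192.168.1.0/24; SERVER_ADDR=192.168.1.254
NATD_PORT=8668          # natd's default divert port, same as in the reply
SERVICES=22,25,143      # ssh, smtp, imap: what clients may open on servers

# natd aliases to the address of -n <interface>; -p must match the divert rule.
natd_cmd() {
    printf 'natd -p %s -n %s\n' "$NATD_PORT" "$SERVER_IF"
}

# Emit rules in ipfw(8) file syntax, usable as: ipfw -q -f flush; ipfw /path.
# Policy is enforced on the inbound pass through the client interface, where
# addresses are still untranslated; the outbound pass on the server interface
# sees post-NAT packets and only lets through what was already accepted.
gen_rules() {
    cat <<EOF
# loopback
add 00100 allow ip from any to any via lo0
add 00110 deny ip from any to 127.0.0.0/8
add 00120 deny ip from 127.0.0.0/8 to any
# anti-spoofing: each subnet may only enter on its own interface
add 00200 deny log ip from ${SERVER_NET} to any in via ${CLIENT_IF}
add 00210 deny log ip from ${CLIENT_NET} to any in via ${SERVER_IF}
# NAT on the server side only. Outbound packets get ${SERVER_ADDR} as source;
# replies come back in via ${SERVER_IF} addressed to ${SERVER_ADDR}, and natd
# maps them back, so one rule on this interface covers both directions.
add 00300 divert ${NATD_PORT} ip from any to any via ${SERVER_IF}
# packets of established TCP connections (post-NAT on the server side)
add 00400 allow tcp from any to any established
# clients may open the listed services on the servers and ping them
add 00500 allow tcp from ${CLIENT_NET} to ${SERVER_NET} ${SERVICES} in via ${CLIENT_IF} setup
add 00510 allow icmp from ${CLIENT_NET} to ${SERVER_NET} icmptypes 8 in via ${CLIENT_IF}
add 00520 allow icmp from ${SERVER_NET} to any icmptypes 0,3,11 in via ${SERVER_IF}
# outbound passes: already policed on the way in
add 00600 allow ip from ${SERVER_ADDR} to ${SERVER_NET} out via ${SERVER_IF}
add 00610 allow ip from ${SERVER_NET} to ${CLIENT_NET} out via ${CLIENT_IF}
# servers never open connections to clients; log the attempt
add 00700 deny log tcp from ${SERVER_NET} to ${CLIENT_NET} setup
add 65000 deny log ip from any to any
EOF
}

case "${1:-rules}" in
    rules) gen_rules ;;
    natd)  natd_cmd ;;
    *)     echo "usage: $0 [rules|natd]" >&2; exit 2 ;;
esac
```

Run it as `sh genrules.sh rules > /etc/ipfw.rules` and `sh genrules.sh natd` to see the natd line that belongs in the startup script. Walk a client's SSH packet through it: in via fxp0 it matches rule 500 untranslated; out via fxp1 it is diverted, gets 192.168.1.254 as source and passes rule 600; the server's reply comes in via fxp1, is diverted and mapped back to the client, and passes rule 400; a server-initiated SYN towards a client is never diverted to a known mapping and dies at rule 700, logged. The `established` rule is stateless: any packet with ACK set matches it in either direction. Stateful keep-state rules are tighter but need care with natd, because the dynamic rule is keyed on whichever addresses the packet carried when it was created, pre- or post-translation.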