Date: Sun, 9 May 1999 12:51:18 -0700 (PDT)
From: daniel B
To: freebsd-questions@freebsd.org
Subject: RE: ipfw on multiple NICs

Hi list;

I am in the process of setting up a firewall for my internal FreeBSD LAN.
The network looks like this:

Internet-----[ DSL router ]----[ fbsd firewall ]----[ LAN ]
                               ep1           ep0

I have compiled my kernel for IPFIREWALL_VERBOSE
Added support for net interface ep1 in kernel
Enabled ipfw in the /etc/rc.conf and I am using the 'simple' rule-set
in /etc/rc.firewall to test setup

All machines (router, firewall and LAN) are on the same subnet /27
All vital services DNS, HTTP and SMTP are running on the LAN machines

My questions are:

1.) What kind of gateway or routing mechanism should I use to force
    incoming packets from the Internet to arrive at ep1 and pass through
    the firewall and to ep0 and to the LAN

2.) outgoing packets from LAN to pass through ep0, firewall, ep1, router
    and to the Internet.

The LAN concept here is probably misleading because all machines are in
the same /27 subnet.

Thank you
Dan