Date: Fri, 29 Jun 2001 01:26:01 -0700
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Daniel Kelley <dkelley@otec.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: routing ip addresses through a freebsd firewall
Message-ID: <20010629012601.B375@blossom.cjclark.org>
In-Reply-To: <Pine.BSF.4.20L2.0106282050190.12239-100000@mx1.hq.ny.otec.net>; from dkelley@otec.com on Thu, Jun 28, 2001 at 09:20:07PM -0400
References: <Pine.BSF.4.20L2.0106282050190.12239-100000@mx1.hq.ny.otec.net>

On Thu, Jun 28, 2001 at 09:20:07PM -0400, Daniel Kelley wrote:

[snip]

> problem 1: routing
>
> i'm unclear on whether or not i need to run routed or gated in order to
> forward the packets addressed to the 5 public ips into the firewall.

No. You don't need them. They would not help.

> i've
> seen a couple of things that suggest you can modify arp parameters in the
> kernel (?), but i'm not sure if this is advisable or not.

  man arp

You probably do not need to mess with it anyway.

> problem 2: nat
>
> i'd like to set up simple bi-directional nat and let the ipfilter rules
> handle everything else. i've tried the following ipnat rules:
>
> bimap <outside_interface> aa.bb.cc.0/24 -> 10.1.1.0/24
>
> i'm not sure if i need a bimap in the opposite direction (inside->outside)

Nope. That said, depending on what you are doing, "rdr" rules in
combination with a "map" rule might be a better choice.

--
Crist J. Clark                           cjclark@alum.mit.edu