From owner-freebsd-questions Wed Feb 8 11:25:43 1995
Return-Path: questions-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id LAA15228 for questions-outgoing; Wed, 8 Feb 1995 11:25:43 -0800
Received: from devnull.mpd.tandem.com (devnull.mpd.tandem.com [131.124.4.29]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id LAA15222 for ; Wed, 8 Feb 1995 11:25:39 -0800
Received: from olympus by devnull.mpd.tandem.com (8.6.8/8.6.6) id NAA08528; Wed, 8 Feb 1995 13:25:14 -0600
Received: by olympus (4.1/TSS2.1) id AA08628; Wed, 8 Feb 95 13:23:38 CST
From: faulkner@mpd.tandem.com (Boyd Faulkner)
Message-Id: <9502081923.AA08628@olympus>
Subject: Re: Firewall help
To: richards@vinny.cecer.army.mil (Matt Richards)
Date: Wed, 8 Feb 1995 13:23:37 -0600 (CST)
Cc: questions@FreeBSD.org
In-Reply-To: <199502080349.VAA16796@vinny.cecer.army.mil> from "Matt Richards" at Feb 7, 95 09:49:08 pm
X-Mailer: ELM [version 2.4 PL17]
Content-Type: text
Content-Length: 1639
Sender: questions-owner@FreeBSD.org
Precedence: bulk

>
> I have been assigned the task of setting up a firewall after a hacker invaded
> our Suns. I was excited to see that FreeBSD could be set up as a firewall.
> I compiled the IPFIREWALL configuration after changing it to match the
> NE2000 NICs and removing options that are not needed (extra SCSI cards, NICs,
> etc.). The firewall works great on the FreeBSD machine, but I can't get the
> two network cards working together. I can get one NIC ifconfiged and working
> but when I ifconfig the second it seems to work but I think there is something
> I'm not doing because the packets are not transferring from one card thru to
> the other. I have policy set to accept and no chain entries. I also get
> a strange error when I type 'ipfw l', it gives me an error with kvm_nlist.
> The gateway option is compiled in the kernel. Routed is running (I tried the
> -q (default) and then the -s option). I couldn't find any documentation on
> setting up FreeBSD as a firewall or router. Any information on how to set
> up a machine as a firewall would be greatly appreciated.
>
> Please help...
>
> Thanks in advance,
> Matt.
>

I haven't configured a firewall but I can tell you that you need to put the

options GATEWAY #internetwork gateway

line in your kernel config. This will allow packets to forward from one
card to the other. The rest I can't help you with.

Good Luck,
Boyd

--
_______________________________________________________________________
Boyd Faulkner faulkner@isd.tandem.com
_______________________________________________________________________