From owner-freebsd-questions@FreeBSD.ORG  Sat Jun 26 16:00:22 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C81116A4D2
	for <freebsd-questions@freebsd.org>;
	Sat, 26 Jun 2004 16:00:22 +0000 (GMT)
Received: from smtp2.Stanford.EDU (smtp2.Stanford.EDU [171.67.16.125])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7AD5C43D2D
	for <freebsd-questions@freebsd.org>;
	Sat, 26 Jun 2004 16:00:22 +0000 (GMT)
	(envelope-from romain@kzsu.stanford.edu)
Received: from kzsu.stanford.edu (KZSU.Stanford.EDU [171.66.118.90])
	by smtp2.Stanford.EDU (8.12.11/8.12.11) with ESMTP id i5QG08fS000574
	for <freebsd-questions@freebsd.org>; Sat, 26 Jun 2004 09:00:08 -0700
Received: from kzsu.stanford.edu (localhost. [127.0.0.1])
	by kzsu.stanford.edu (8.12.11/8.12.10) with ESMTP id i5QG07tJ008438
	for <freebsd-questions@freebsd.org>;
	Sat, 26 Jun 2004 09:00:07 -0700 (PDT)
	(envelope-from romain@kzsu.stanford.edu)
X-Authentication-Warning: kzsu.stanford.edu: Host localhost. [127.0.0.1]
	claimed to be kzsu.stanford.edu
Received: (from romain@localhost)
	by kzsu.stanford.edu (8.12.11/8.12.9/Submit) id i5QG07kG008437
	for freebsd-questions@freebsd.org;
	Sat, 26 Jun 2004 09:00:07 -0700 (PDT)	(envelope-from romain)
Date: Sat, 26 Jun 2004 09:00:07 -0700 (PDT)
From: Romain Kang <romain@kzsu.stanford.edu>
Message-Id: <200406261600.i5QG07kG008437@kzsu.stanford.edu>
To: freebsd-questions@freebsd.org
X-Scanned-By: MIMEDefang 2.38
Subject: IP alias + NAT through a single NIC?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 26 Jun 2004 16:00:22 -0000

I have a single physical network with 2 disjoint address spaces in
it.  Logical Net 1 is routable, while Logical Net 2 is in private
space intended to keep devices there safe from the outside.  Now I
need to allow some Net 2 devices the capability to access the web,
and putting in a second physical net is impractical.

Can a FreeBSD box with just one NIC on the physical net be used as
the router between the logical nets?  If so, could it be used to
limit outside access from Net 2 by hardware address?  Or is there
a proxy that would work for this configuration?

Thanks,
Romain Kang                             Disclaimer: I speak for myself alone,
romain@kzsu.stanford.edu                except when indicated otherwise.