From: Darcy Buskermolen
Date: Tue, 12 Dec 2000 17:23:02 -0800
Subject: Re: sigh, today is just not my day.
Sender: owner-freebsd-ipfw@FreeBSD.ORG

You can't route private IP space through the internet like that. What you need is to use natd to do either 1-1 IP translation or 1 to many IP translation. Make sure that you have the IPDIVERT option compiled into your kernel and put the following into your /etc/rc.conf:

    natd_enable="YES"
    natd_interface="xl0"

At 04:28 PM 12/12/00 -0700, you wrote:
>Right, first off thank you to all who helped me out with the
>kern.securelevel issue. Okay here we go, the major reason for me to be
>doing this is that my boss wants a firewall ASAP. She purchased Checkpoint
>for $2000-2500, and it needed a subscription ~$400/year. I talked to her
>about using a Unix based firewall solution and the cost would be only in
>work hours (unlike checkpoint which would add $$$). She liked the idea.
>Our ISP uses FreeBSD, so I thought what the hell why not. I am coming from
>a Linux/SunOS background, but more of a CS student than as an admin. This
>email list and its members have been great to me. Okay so the conundrum. I
>want to test the FreeBSD (4.1.1) machine. It has two NICs, ifconfig comes
>up great (please see attachment info.txt). I have a set of firewall rules
>in ipfw that seem to do the trick (please see attachment rc_firewall.txt).
>So here goes
>*** note that xl1 has no carrier since I unplugged the crossover cable ***
>
>             My machine (win98)   freebsd machine
>ip           192.168.1.250        192.168.1.225 (inside interface)
>netmask      255.255.255.224      255.255.255.224
>its gateway  192.168.1.225 (the firewall machine)
>its dns servers are the same
>as the freebsd machines (ie our isp dns servers)
>
>Right. So the freebsd machine can see the outside world. When I have my
>machine behind the firewall I can't see Jack (if at all). What am I doing
>wrong? Any help will be appreciated. I have been poring over the freebsd
>website, freebsddiary.org, and other sites.
>you guys/gals rock
>
>-Carlos Andrade
>----
>Carlos A. Andrade
>IS Manager
>RJS Technologies
>915.845.5228 ext 13 915.845.2119 fax
>carlos@rjstech.com
>
>Attachment Converted: "C:\Program Files\Eudora32\attach\rc_firewall.txt"
>
>Attachment Converted: "C:\Program Files\Eudora32\attach\info.txt"
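A way to check a gateway for the natd setup described in the reply above, as an added example that is not part of the original thread. The function names audit_natd and rc_value are hypothetical, both sample inputs are constructed, and the checks for gateway_enable, firewall_enable and a loaded divert rule are assumptions that go beyond the two rc.conf lines in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). audit_natd and rc_value are hypothetical names.
# rc_value FILE KEY: print the value of the last KEY="value" assignment in FILE
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}
# audit_natd RCCONF RULES: print one finding per line; exit status = number of findings
audit_natd() {
    rc=$1 rules=$2 n=0
    # Assumption beyond the reply: forwarding (gateway_enable) and ipfw must be enabled too
    for key in gateway_enable firewall_enable natd_enable; do
        case $(rc_value "$rc" "$key") in
            [Yy][Ee][Ss]) ;;
            *) echo "MISSING: $key=\"YES\""; n=$((n + 1)) ;;
        esac
    done
    ifc=$(rc_value "$rc" natd_interface)
    if [ -z "$ifc" ]; then
        echo "MISSING: natd_interface"; n=$((n + 1))
    # natd only sees packets that a divert rule hands to it on that interface
    elif ! grep -Eq "^[0-9]+ divert .* via $ifc( |\$)" "$rules"; then
        echo "MISSING: divert rule via $ifc"; n=$((n + 1))
    fi
    return $n
}
tmp=$(mktemp -d)
# Constructed sample 1: only the two rc.conf lines from the reply, no divert rule
cat > "$tmp/rc1" <<'EOF'
natd_enable="YES"
natd_interface="xl0"
EOF
cat > "$tmp/rules1" <<'EOF'
00100 allow ip from any to any via lo0
65535 deny ip from any to any
EOF
# Constructed sample 2: forwarding and ipfw enabled, divert rule loaded
cat > "$tmp/rc2" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="xl0"
EOF
cat > "$tmp/rules2" <<'EOF'
00050 divert 8668 ip from any to any via xl0
00100 allow ip from any to any
65535 deny ip from any to any
EOF
audit_natd "$tmp/rc1" "$tmp/rules1" || echo "sample 1: $? finding(s)"
audit_natd "$tmp/rc2" "$tmp/rules2" && echo "sample 2: ok"
```

On a live gateway the second argument would be a saved copy of the `ipfw list` output.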