From owner-freebsd-questions Sun Jun 30 15:32:27 2002
Date: Sun, 30 Jun 2002 18:00:08 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Corey Snow
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw, nat and routing
In-Reply-To: <3D189BDC.28738.2074C888@localhost>

On Tue, 25 Jun 2002, Corey Snow wrote:

> Hi-
>
> I'm currently trying to set up a FreeBSD 4.5-RELEASE box as both a
> router and a NAT system. Basically, it has two NICs, and sits between
> my DMZ and my private LAN. The DMZ is connected to the Internet via a
> FreeBSD-based filtering bridge, which works fine.
>
> The DMZ is where I keep my routable IPs, for things like my webserver
> and mail system. On the backside of my NAT firewall, I use RFC1918
> addresses. The outer interface of the NAT firewall has a routable
> address, obviously.
>
> I can get all this to work just fine. However, there's one more thing
> I'd like to add to this- the ability for the NAT firewall to also do
> simple routing between interfaces for my RFC1918 addresses. See, on
> my DMZ, in addition to my external IP addresses, I have used some
> RFC1918 addresses for various purposes, mostly for local
> administration. These RFC 1918 IPs are all in a single Class C. On
> the inside of the NAT firewall, I have another collection of RFC 1918
> addresses, also in their own Class C.
>
> The internal interface of the NAT firewall has an address that is
> within that Class C, as does every other host on the network. The
> external interface of the NAT firewall has both a public IP and a
> private one. The private one is set as an alias.
>
> I'd like my firewall to route packets from my internal private Class C
> to my DMZ one, or if packets are destined for the Internet, to perform
> NAT and pump them out on the public IP.
>
> I can get this working one way, or the other, but not both at once.
> I'm still experimenting, but any suggestions would be helpful. Thanks
> a bunch.

Could you send a small network map...I'm having difficulty understanding
what you are doing or trying to do. Also send the output of:

    # netstat -rn
    # ifconfig -a
    # ipfw -a l
    # cat /etc/rc.conf

And please... only send to freebsd-questions. freebsd-ipfw is not
intended for questions like this.

Nick Rogness
- Don't mind me...I'm just sniffing your packets
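One way to get the split Corey describes (LAN-to-DMZ RFC1918 traffic routed untranslated, everything else through natd) is sketched below. This is an added example, not the thread's own configuration or anything either poster sent; the interface names fxp0/fxp1 and the two 192.168.x.0/24 prefixes are assumptions, and the tail of the ruleset is only a minimal outbound-only policy.

```shell
# Added example: ipfw + natd layout that routes LAN <-> DMZ private traffic
# without translation and NATs everything else leaving the outer NIC.
# Constructed names and prefixes; substitute your own.
EXT_IF="fxp0"                 # NIC facing the DMZ: public IP plus RFC1918 alias
INT_IF="fxp1"                 # NIC facing the private LAN
LAN_NET="192.168.2.0/24"      # private LAN behind the NAT box
DMZ_PRIV_NET="192.168.1.0/24" # RFC1918 block used on the DMZ

# rc.conf settings the box needs: forwarding on, natd bound to the outer NIC.
rc_conf_fragment() {
  cat <<EOF
gateway_enable="YES"
firewall_enable="YES"
natd_enable="YES"
natd_interface="${EXT_IF}"
EOF
}

# The ruleset, one "ipfw add" argument list per line. Order is the whole
# point: private-to-private traffic between LAN and DMZ must be accepted
# before the divert rule, otherwise natd rewrites its source to the public
# address and the DMZ host answers the wrong place.
ipfw_rules() {
  cat <<EOF
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 400 allow ip from ${LAN_NET} to ${DMZ_PRIV_NET} via ${EXT_IF}
add 410 allow ip from ${DMZ_PRIV_NET} to ${LAN_NET} via ${EXT_IF}
add 500 divert natd ip from any to any via ${EXT_IF}
add 600 allow ip from any to any via ${INT_IF}
add 700 allow tcp from any to any out via ${EXT_IF}
add 710 allow tcp from any to any established
add 720 allow udp from any to any out via ${EXT_IF} keep-state
add 65000 deny ip from any to any
EOF
}

# Sanity check: every bypass rule must carry a lower number than the divert.
check_order() {
  divert=$(ipfw_rules | awk '/divert natd/ { print $2; exit }')
  last_bypass=$(ipfw_rules | awk -v n="$DMZ_PRIV_NET" \
    '$0 ~ n && /allow/ { last = $2 } END { print last }')
  [ "$last_bypass" -lt "$divert" ]
}

# Load: flush, then feed the rules to ipfw one line at a time (needs root).
apply_rules() {
  check_order || return 1
  ipfw -q -f flush
  ipfw_rules | while read -r rule; do ipfw -q $rule; done
}
```

Hosts on the DMZ still need a return route for LAN_NET pointing at the firewall's RFC1918 alias, or their replies to the untranslated packets will go to the bridge instead.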