Date: Fri, 15 Mar 2002 22:26:17 +0200 From: "Patrick O'Reilly" <bsd@perimeter.co.za> To: "Dime Bar" <dimebar65@hotmail.com> Cc: <freebsd-questions@freebsd.org> Subject: Re: natd router with 3 NICs Message-ID: <003001c1cc5f$e50edb00$0200000a@perimeter.co.za> References: <F46kWHZqYW8BYXifWoq00004491@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message -----
From: "Dime Bar" <dimebar65@hotmail.com>
> Hi,
>
> I have a FreeBSD 4.1 machine which has been running as a natd router for
the
> past 1.5 years. It currently has 2 network cards, one attached to my lan
> (192.168.*) and the other connected to my cable modem.
>
> I now want to add another network card to the machine to server another
lan
> (10.*). I want the FBSD machine to forward all traffic between the lans
and
> provide NAT access through the cable modem to each. i.e.
>
> FreeBSD Machine
> +-------+
> 10.* ========|---+ |
> | +---|===== *. (outside world)
> 192.168.* ===|---+ |
> +-------+
>
> Each of the subnets will machines set with their gateway as the FBSD
machine
> anyway.
>
> What ipfw rules do I need to do this?
>
Dime,
I'm not going to try to guess what rules you already have, but here's a
brief explanation in principal:
1) Create rules similar to those you already have, allowing traffic to/from
the internet and the new LAN.
2) Create rules something like this:
ipfw add 1000 deny ip from any to 10.0.0.0/8 in via ${oif} setup
ipfw add 1000 deny ip from any to 192.168.0.0/16 in via ${oif} setup
ipfw add 1010 allow ip from 192.168.0.0/16 to 10.0.0.0/8
ipfw add 1010 allow ip from 10.0.0.0/8 to 192.168.0.0/16
This is very brief, but I'm only trying to give you a nudge in the right
direction. You want to allow any traffic between you private networks, but
none of that traffic should be traversing the internet interface ( ${oif} ).
3) If you are running natd with natd_interface=${oif} then it will probably
work just fine without any changes whatsoever.
HTH
Regards,
Patrick O'Reilly.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003001c1cc5f$e50edb00$0200000a>