From: "Patrick O'Reilly"
To: "Dime Bar"
Subject: Re: natd router with 3 NICs
Date: Fri, 15 Mar 2002 22:26:17 +0200
List: freebsd-questions@freebsd.org

----- Original Message -----
From: "Dime Bar"

> Hi,
>
> I have a FreeBSD 4.1 machine which has been running as a natd router for the
> past 1.5 years. It currently has 2 network cards, one attached to my lan
> (192.168.*) and the other connected to my cable modem.
>
> I now want to add another network card to the machine to serve another lan
> (10.*). I want the FBSD machine to forward all traffic between the lans and
> provide NAT access through the cable modem to each. i.e.
>
>              FreeBSD Machine
>              +-------+
> 10.* ========|---+   |
>              |   +---|===== *. (outside world)
> 192.168.* ===|---+   |
>              +-------+
>
> Each of the subnets will have machines set with their gateway as the FBSD
> machine anyway.
>
> What ipfw rules do I need to do this?
Dime,

I'm not going to try to guess what rules you already have, but here's a brief
explanation in principle:

1) Create rules similar to those you already have, allowing traffic to/from
   the internet and the new LAN.

2) Create rules something like this:

    ipfw add 1000 deny ip from any to 10.0.0.0/8 in via ${oif} setup
    ipfw add 1000 deny ip from any to 192.168.0.0/16 in via ${oif} setup
    ipfw add 1010 allow ip from 192.168.0.0/16 to 10.0.0.0/8
    ipfw add 1010 allow ip from 10.0.0.0/8 to 192.168.0.0/16

   This is very brief, but I'm only trying to give you a nudge in the right
   direction. You want to allow any traffic between your private networks, but
   none of that traffic should be traversing the internet interface ( ${oif} ).

3) If you are running natd with natd_interface=${oif} then it will probably
   work just fine without any changes whatsoever.

HTH

Regards,
Patrick O'Reilly.
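As an added example (not part of Patrick's reply and not FreeBSD's own rc.firewall), here is a small sh script that emits a complete ruleset for the three-NIC layout in the question: anti-spoofing denies on the outside interface, the natd divert, and the LAN-to-LAN allows. It assumes the interface names xl0 (cable modem), fxp0 (192.168/16 LAN) and fxp1 (10/8 LAN) and prints the ipfw commands instead of applying them unless IPFW is set to /sbin/ipfw.

```sh
#!/bin/sh
# Added example: ipfw ruleset for a three-NIC natd router.
# Interface names are assumptions; override them in the environment.
oif=${oif:-xl0}                    # cable modem (natd_interface)
net1=192.168.0.0/16                # LAN on fxp0
net2=10.0.0.0/8                    # LAN on fxp1
IPFW=${IPFW:-echo}                 # dry run by default; set IPFW=/sbin/ipfw on the router

fw() { $IPFW add "$@"; }

build_rules() {
    $IPFW -f flush
    fw 100 allow ip from any to any via lo0

    # Anti-spoofing: packets claiming a private source must never arrive on the
    # outside interface, and private destinations must never leave through it.
    fw 200 deny ip from $net1 to any in via $oif
    fw 200 deny ip from $net2 to any in via $oif
    fw 210 deny ip from any to $net1 out via $oif
    fw 210 deny ip from any to $net2 out via $oif

    # Everything crossing the outside interface goes through natd.
    fw 300 divert natd ip from any to any via $oif

    # Traffic between the two LANs is forwarded freely; it never touches $oif.
    fw 1010 allow ip from $net1 to $net2
    fw 1010 allow ip from $net2 to $net1

    # LAN hosts may open connections to the internet; replies come back via
    # natd and match the established / DNS-reply rules. Nothing else comes in.
    fw 1100 allow tcp from any to any established
    fw 1110 allow ip from $net1 to any out via $oif
    fw 1110 allow ip from $net2 to any out via $oif
    fw 1120 allow udp from any 53 to any in via $oif
    fw 65000 deny log ip from any to any
}

build_rules
```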