From: Mark Hannon
Date: Sat, 16 Mar 2002 08:43:47 +1100
To: dimebar65@hotmail.com, freebsd-questions@freebsd.org
Subject: Re: natd router with 3 NICs

>
> I now want to add another network card to the machine to serve another lan
> (10.*). I want the FBSD machine to forward all traffic between the lans and
> provide NAT access through the cable modem to each. i.e.
> What ipfw rules do I need to do this?

Well that depends upon what you have today ... basically you should
treat the 10.* subnet in the same manner that you treat your existing
RFC1918 subnet, i.e. if you have an 'internal' set of filter statements
for 192.168.* then you should add an equivalent set for the 10.*
addresses.

In cases where I have done this I generally set this up on a per
interface basis, a fragment of my ipfw setup file shows this:

    # Define inside, outside and ppp interface
    iif="rl0"
    oif="rl1"
    #iif_extra1="ed0"
    #iif_extra2="ed1"
    pppif="tun0"

    # Allow traffic via inside interface
    ${fwcmd} add 400 allow ip from any to any via ${iif}
    #${fwcmd} add 401 allow ip from any to any via ${iif_extra1}
    #${fwcmd} add 402 allow ip from any to any via ${iif_extra2}

    # Allow traffic via ppp interface
    ${fwcmd} add 500 allow ip from any to any via ${pppif}

As can be seen, ipfw does NO filtering of the internal cards.  This
suits me but may not be appropriate for your network.

/mark
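
Added example, not part of Mark Hannon's message: a per-interface rule generator for the case the reply flags, where unfiltered inside cards are not appropriate. It goes beyond the posted fragment by accepting inbound packets on each inside card only from that card's own subnet. The subnets, the `inside_nets` variable and the `inside_rules` function are assumptions made for illustration; the interface names follow the post.

```sh
#!/bin/sh
# Dry run by default: rules are printed, not loaded.
# Assumption: set fwcmd="/sbin/ipfw" to load them for real.
fwcmd="${fwcmd:-echo /sbin/ipfw}"

# Constructed sample values: interface names as in the post, subnets assumed.
inside_nets="rl0:192.168.1.0/24 ed0:10.0.0.0/8"

# inside_rules BASE "if:net if:net ..."
# Emits three rules per inside interface, in blocks of ten starting at BASE.
inside_rules() {
    num=$1
    for pair in $2; do
        ifc=${pair%%:*}
        net=${pair#*:}
        # Accept inbound packets only when the source belongs to this LAN
        ${fwcmd} add "$num" allow ip from "$net" to any in via "$ifc"
        # Any other source arriving on this card is forged or misrouted
        ${fwcmd} add $((num + 1)) deny ip from any to any in via "$ifc"
        # Traffic leaving toward this LAN stays unfiltered
        ${fwcmd} add $((num + 2)) allow ip from any to any out via "$ifc"
        num=$((num + 10))
    done
}

inside_rules 400 "$inside_nets"
```

If the router also serves DHCP to a LAN, clients broadcasting from 0.0.0.0 hit the deny rule, so an explicit allow for that traffic has to be placed ahead of it.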