From owner-freebsd-net Tue Jan 12 19:19:28 1999
Message-ID: <002001be3ea4$2109c680$2112c9cf@bsharp.dubakella.tcoe.k12.ca.us>
From: "Derek Jewett"
To: "Derek Jewett" ,
Subject: Re: natd & ipfw on multiple segments UPDATE
Date: Tue, 12 Jan 1999 19:23:44 -0800

Through experimentation I have found it quite easy to use ipfw on multiple segments. In the rc.firewall file there is an oif="interface". This is a variable used in the rules defined in the rc.firewall file. To add interfaces I just made a oif1, oif2, oif3, oif4, etc... and then used these variables in the rules to apply the rules to multiple outside interfaces. And it works! Email me for details if you're looking to do something like this...

natd I am still working on as it has a natd_interface variable in the rc.conf file that is referenced in the rc.firewall file. Whether I can just make additional natd_interface variables I do not know. I am going to try just making a natd_interface1, 2, 3 etc.. and try it out.
-----Original Message-----
From: Derek Jewett
To: net@FreeBSD.ORG
Date: Monday, January 11, 1999 5:52 PM
Subject: natd & ipfw on multiple segments

>Can ipfw be used to "secure" multiple segments on the same box..?
>As well can I use natd to translate multiple segments
>Example;
>
>I have my FBSD box sitting between four segments.
>Local segment 192.168.254.0/24 xl0
>Courthouse 192.168.19.0/24 xl1
>State connection 158.96.243.0/26 xl2
>Internet 209.60.81.0/26 xl3
>
>I want to secure the 158 and 209 segments, would I just define multiple
>oif's in rc.firewall? There is only one "outside interface" in the file now.
>
>As well I want to translate anything from the 192 segments (private ip's) to
>the 158 segment, and the 209 segment since these segments use registered
>addressing. Would I just run natd once for each Interface? i.e.
>natd -interface xl2
> &
>natd -interface xl3
>
>Thanks
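
The per-interface setup discussed in this thread, as an added example that is not part of the original messages or of rc.firewall: each natd instance needs its own divert port, and each outside interface gets its own anti-spoofing and divert rule. The interface names come from the post; the function name `gen_rules`, the rule numbers, the second divert port and the 192.168.0.0/16 anti-spoofing rule are assumptions. The script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print (do not execute) the natd and ipfw commands
# needed for several outside interfaces.

fwcmd="ipfw"     # rc.firewall refers to the ipfw binary as ${fwcmd}
oif1="xl2"       # State connection, 158.96.243.0/26 (from the post)
oif2="xl3"       # Internet, 209.60.81.0/26 (from the post)

# gen_rules IFACE...  (hypothetical helper)
# Emits three commands per outside interface:
#   1. a natd instance bound to that interface on its own divert port
#   2. a deny rule for inbound packets claiming a private source address
#   3. a divert rule handing the interface's traffic to that natd
gen_rules() {
    port=8668    # natd's default divert port; later instances count up (assumption)
    rule=100     # first rule number; each interface gets its own block (assumption)
    for oif in "$@"; do
        echo "natd -port ${port} -interface ${oif}"
        # The deny comes before the divert so spoofed packets never reach natd.
        echo "${fwcmd} add ${rule} deny all from 192.168.0.0/16 to any in via ${oif}"
        echo "${fwcmd} add $((rule + 10)) divert ${port} all from any to any via ${oif}"
        port=$((port + 1))
        rule=$((rule + 100))
    done
}

gen_rules "$oif1" "$oif2"
```
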