From owner-freebsd-security Tue Jan 30 21:18:24 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mailhost01.reflexnet.net (mailhost01.reflexnet.net [64.6.192.82]) by hub.freebsd.org (Postfix) with ESMTP id 76B1837B6A7 for ; Tue, 30 Jan 2001 21:18:07 -0800 (PST)
Received: from rfx-216-196-73-168.users.reflexcom.com ([216.196.73.168]) by mailhost01.reflexnet.net with Microsoft SMTPSVC(5.5.1877.197.19); Tue, 30 Jan 2001 21:16:17 -0800
Received: (from cjc@localhost) by rfx-216-196-73-168.users.reflexcom.com (8.11.1/8.11.1) id f0V5Hss14716; Tue, 30 Jan 2001 21:17:54 -0800 (PST) (envelope-from cjc)
Date: Tue, 30 Jan 2001 21:17:53 -0800
From: "Crist J. Clark"
To: Mason Harding
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Revised: My FreeBSD Firewall
Message-ID: <20010130211753.N91447@rfx-216-196-73-168.users.reflex>
Reply-To: cjclark@alum.mit.edu
References: <980823154.3a762c72329fd@mail.marketnews.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from mharding@marketnews.com on Tue, Jan 30, 2001 at 08:14:23AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Jan 30, 2001 at 08:14:23AM -0800, Mason Harding wrote:
> I am now just trying to implement a FreeBSD firewall, say with the IP
> address of 172.16.5.2, with the router being 172.16.5.1, and the network
> being 172.16.5.0/24. How can I handle the routing on this? My routing
> table is basically as such...
>
> Destination      Gateway            Netif
> default          172.16.5.1         fxp0
> 172.15.5         link#1             fxp1
> 172.16.5.1       0:0:c:80:f:30      fxp0
> 172.15.5.2/32    link#1             fxp0
>
> I can ping 172.16.5.1 with success, but if I try to ping anything past it (on
> the internet) I get no response. I can also ping anything on the LAN. Am I
> going about implementing this firewall correctly? Should I not just be
> adding a static route for 172.16.5.1? Sorry if this made no sense.
You want to do bridging, not routing, if you do this since you want to have
the same network on both sides of the firewall.

However, you are probably better off changing the IP address of the router
and the external interface of the firewall to RFC1918 numbers and then have
172.16.5.0/24 on the internal network. You can then do routing to move the
traffic.
--
Crist J. Clark                           cjclark@alum.mit.edu

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
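An added example, not part of the thread, that checks the layout Crist describes: a two-interface firewall whose external side sits on the same /24 as the LAN cannot route and would have to bridge, while moving the router and the external interface onto a separate RFC1918 link net makes ordinary forwarding work. The interface names fxp0/fxp1 come from the post; the candidate /30 link nets and the resulting rc.conf lines are constructed here and are assumptions, not anything the thread shows.

```python
import ipaddress

# Constructed candidates for the router<->firewall link net (assumption, not from the thread).
RFC1918_LINK_CANDIDATES = ["192.168.255.252/30", "10.255.255.252/30", "172.31.255.252/30"]


def diagnose(internal_net, ext_if, ext_gw):
    """Return 'bridge' when the external link overlaps the LAN (the poster's
    layout: 172.16.5.2/24 facing a gateway inside 172.16.5.0/24), or 'route'
    when the two sides of the firewall are distinct subnets."""
    lan = ipaddress.ip_network(internal_net, strict=False)
    ext = ipaddress.ip_interface(ext_if)
    gw = ipaddress.ip_address(ext_gw)
    if gw not in ext.network:
        # A default gateway that is not on the external link is never reachable.
        raise ValueError(f"gateway {gw} is not on the external link {ext.network}")
    return "bridge" if ext.network.overlaps(lan) else "route"


def pick_link_net(internal_net):
    """Pick the first candidate RFC1918 /30 that does not collide with the LAN."""
    lan = ipaddress.ip_network(internal_net, strict=False)
    for cand in RFC1918_LINK_CANDIDATES:
        link = ipaddress.ip_network(cand)
        if not link.overlaps(lan):
            return link
    raise ValueError("no candidate RFC1918 /30 is free of the internal network")


def rc_conf_lines(internal_net, link_net, ext_nic="fxp0", int_nic="fxp1"):
    """rc.conf fragment for the routed design: router on the first host of the
    /30, firewall on the second, firewall's LAN address as the LAN's gateway.
    The upstream router still needs a return route for the LAN via the firewall."""
    lan = ipaddress.ip_network(internal_net, strict=False)
    link = ipaddress.ip_network(link_net)
    router, firewall = list(link.hosts())  # a /30 has exactly two usable hosts
    fw_lan = next(lan.hosts())  # first LAN host becomes the new default gateway
    return [
        'gateway_enable="YES"',
        f'ifconfig_{ext_nic}="inet {firewall} netmask {link.netmask}"',
        f'ifconfig_{int_nic}="inet {fw_lan} netmask {lan.netmask}"',
        f'defaultrouter="{router}"',
    ]


if __name__ == "__main__":
    print(diagnose("172.16.5.0/24", "172.16.5.2/24", "172.16.5.1"))  # bridge
    link = pick_link_net("172.16.5.0/24")
    print("\n".join(rc_conf_lines("172.16.5.0/24", str(link))))
```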