Date:      Tue, 30 Jan 2001 21:17:53 -0800
From:      "Crist J. Clark" <cjclark@reflexnet.net>
To:        Mason Harding <mharding@marketnews.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Revised: My FreeBSD Firewall
Message-ID:  <20010130211753.N91447@rfx-216-196-73-168.users.reflex>
In-Reply-To: <BGENLPKDCIBENFNNNAIDMEHNCAAA.mharding@marketnews.com>; from mharding@marketnews.com on Tue, Jan 30, 2001 at 08:14:23AM -0800
References:  <980823154.3a762c72329fd@mail.marketnews.com> <BGENLPKDCIBENFNNNAIDMEHNCAAA.mharding@marketnews.com>

On Tue, Jan 30, 2001 at 08:14:23AM -0800, Mason Harding wrote:
> I am now just trying to implement a FreeBSD firewall, say with the IP
> address of 172.16.5.2, with the router being 172.16.5.1, and the network
> being 172.16.5.0/24.  How can I handle the routing on this?  My routing
> table is basically as such...
> 
> Destination		Gateway		Netif
> default		172.16.5.1		fxp0
> 172.15.5		link#1		fxp1
> 172.16.5.1		0:0:c:80:f:30	fxp0
> 172.15.5.2/32	link#1		fxp0
> 
> I can ping 172.16.5.1 with success, but if I try to ping anything past it (on
> the internet) I get no response.  I can also ping anything on the LAN.  Am I
> going about implementing this firewall correctly?  Should I not just be
> adding a static route for 172.16.5.1?  Sorry if this made no sense.

You want to do bridging, not routing, if you do this since you want to
have the same network on both sides of the firewall. However, you are
probably better off changing the IP address of the router and the
external interface of the firewall to RFC1918 numbers and then have 
172.16.5.0/24 on the internal network. You can then do routing to
move the traffic.
-- 
Crist J. Clark                           cjclark@alum.mit.edu

