From owner-freebsd-questions Sun Feb 13 13:30:31 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by builder.freebsd.org (Postfix) with ESMTP id D61513E57
	for ; Sun, 13 Feb 2000 13:30:27 -0800 (PST)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id QAA37868;
	Sun, 13 Feb 2000 16:34:43 -0500 (EST)
	(envelope-from cjc)
Date: Sun, 13 Feb 2000 16:34:42 -0500
From: "Crist J. Clark"
To: Steve Hovey
Cc: Matthew Jonkman , "freebsd-questions@FreeBSD.ORG"
Subject: Re: Routed and public IPs
Message-ID: <20000213163442.F31722@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <045f01bf75e3$32b03d20$030a0a0a@jonkmangarage.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from shovey@buffnet.net on Sun, Feb 13, 2000 at 08:46:14AM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sun, Feb 13, 2000 at 08:46:14AM -0500, Steve Hovey wrote:
>
> I believe routed just handles rip - if these public addresses need global
> routing you need something that does bgp - To pass packets to just
> certain addresses and no others, you do a permit rule for the ones to
> pass, deny for all others.
>
> Is freebsd your router? Or a machine inside from your router, acting as a
> router to a subset of machines?
>
> On Sun, 13 Feb 2000, Matthew Jonkman wrote:
>
> > I have myself very confused here.
> > I am running a firewall but there is a need to have public IPs behind the
> > firewall that are accessible from the outside. By my feeble figuring if I
> > run routed -s it will build a table and should make them visible. Am I right
> > there?
> >
> > Is it possible to firewall public addresses behind a bsd machine?
> >
> > Is NAT interfering with route?

If your addresses behind the firewall are static, there should be no
need to run a routing daemon (like routed(8)).
If you told us a bit more about your configuration, we could help. But
as an example, if you have unregistered numbers, 192.168.0.0/24, and
registered numbers, a.b.c.0/24, on your internal network, all you need
to do is,

  ifconfig_if0="w.x.y.z"                        # External interface
  ifconfig_if1="a.b.c.254 netmask 0xffffff00"   # Internal interface
  ifconfig_if1_alias0="192.168.0.254"           # Internal interface
  natd_enable="YES"
  natd_flags="-u -n if0"

And I think it should work fine.
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
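
Added example, not part of the original message or of FreeBSD's own
scripts: a shell sketch of the "permit rule for the ones to pass, deny
for all others" filtering mentioned in the thread, layered on the natd
setup above. It prints ipfw commands for a list of public HOST:PORT
services; 203.0.113.0/24 (standing in for a.b.c.0/24), the rule numbers
and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints ipfw commands; runs nothing.
# Constructed values: 203.0.113.0/24 stands in for a.b.c.0/24; if0 is the
# external interface named in the rc.conf fragment above.
OIF="if0"
PUBPREFIX="203.0.113."
PUBNET="${PUBPREFIX}0/24"

# Accept only HOST:PORT where HOST is inside the public block and PORT is 1-65535.
valid_service() {
    host=${1%%:*}
    port=${1#*:}
    rest=${host#"$PUBPREFIX"}
    [ "$rest" != "$host" ] || return 1            # not in the public block
    case "$rest" in ''|*[!0-9]*) return 1 ;; esac
    [ "$rest" -ge 1 ] && [ "$rest" -le 254 ] || return 1
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
}

emit_rules() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for svc in "$@"; do
        valid_service "$svc" || { echo "rejected: $svc" >&2; return 1; }
    done
    # natd sees all traffic on the external interface; with -u it rewrites
    # only the unregistered (192.168.0.0/24) sources.
    echo "ipfw add 50 divert natd all from any to any via $OIF"
    echo "ipfw add 100 allow tcp from any to any established"
    n=1000
    for svc in "$@"; do
        echo "ipfw add $n allow tcp from any to ${svc%%:*} ${svc#*:} in via $OIF setup"
        n=$((n + 10))
    done
    # Anything else arriving from outside for the public block is dropped and logged.
    echo "ipfw add 60000 deny log all from any to $PUBNET in via $OIF"
    echo "ipfw add 65000 allow all from any to any"
}

# Constructed sample: a web server and a mail server on public addresses.
emit_rules 203.0.113.10:80 203.0.113.25:25
```

The rules cover TCP only; UDP services on the public hosts (DNS, for
example) need their own allow rules ahead of rule 60000.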