Date: Sun, 13 Feb 2000 18:11:08 -0500
From: "Matthew Jonkman" <jonkman@bussert.com>
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.org>
Subject: Fw: Routed and public IPs
Message-ID: <055901bf7677$9ccf99a0$030a0a0a@jonkmangarage.com>

That's what I thought too. Thanks.

Let me give you more info.

The feed comes from a router, the subnet in question has a block of public
IPs. They currently use a public IP on all their Windows and Novell
machines. They were recently hacked so they want a firewall. (some people
don't take advice till it's too late :) )

The Novell machine handles mail and such and the users use Windows remote
access software to access their individual stations from home.

I set up the firewall with 1 Windows machine using a public interface behind
it. I haven't gotten it to be accessible. I've also tried the same thing
with my own net for a test and no luck. I have plenty of regular NAT
firewalls under my belt, but the routing thing is new to me.

I guess my question boils down to this:
What exactly is the setup to make the firewall act as a router with public
and private addresses behind it, and the public addresses must be visible
from the outside.

Thanks again for any help.

On a side note, if I could make the comment that this is the most helpful
and good natured community of people I've ever had the pleasure to be a part
of. Every other group of fellow geeks I've been in has had so much 'hate'
and intolerance for questions, and everyone had to one-up each other.
FreeBSD has none of that, and plenty of help.

I've found my home for a long time.

Thanks
Matthew Jonkman

> ----- Original Message -----
> From: Crist J. Clark <cjc@cc942873-a.ewndsr1.nj.home.com>
> To: Steve Hovey <shovey@buffnet.net>
> Cc: Matthew Jonkman <jonkman@bussert.com>; <freebsd-questions@FreeBSD.ORG>
> Sent: Sunday, February 13, 2000 4:34 PM
> Subject: Re: Routed and public IPs
>
>
> > On Sun, Feb 13, 2000 at 08:46:14AM -0500, Steve Hovey wrote:
> > >
> > > I believe routed just handles rip - if these public addresses need global
> > > routing you need something that does bgp - To pass packets to just
> > > certain addresses and no others, you do a permit rule for the ones to
> > > pass, deny for all others.
> > >
> > > Is freebsd your router? Or a machine inside from your router, acting as a
> > > router to a subset of machines?
> > >
> > > On Sun, 13 Feb 2000, Matthew Jonkman wrote:
> > >
> > > > I have myself very confused here.
> > > > I am running a firewall but there is a need to have public IPs behind the
> > > > firewall that are accessible from the outside. By my feeble figuring if I
> > > > run routed -s it will build a table and should make them visible. Am I right
> > > > there?
> > > >
> > > > Is it possible to firewall public addresses behind a bsd machine?
> > > >
> > > > Is NAT interfering with route?
> >
> > If your addresses behind the firewall are static, there should be no
> > need to run a routing daemon (like routed(8)).
> >
> > If you told us a bit more about your configuration, we could help. But
> > as an example, if you have unregistered numbers, 192.168.0.0/24, and
> > registered numbers, a.b.c.0/24, on your internal network, all you need
> > to do is,
> >
> >   ifconfig_if0="w.x.y.z"                        # External interface
> >   ifconfig_if1="a.b.c.254 netmask 0xffffff00"   # Internal interface
> >   ifconfig_if1_alias0="192.168.0.254"           # Internal interface
> >   natd_enable="YES"
> >   natd_flags="-u -n if0"
> >
> > And I think it should work fine.
> > --
> > Crist J. Clark                           cjclark@home.com
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
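
Added example, not part of the original message or of FreeBSD: a small Python model of how traffic is treated under the quoted natd_flags="-u" setup combined with the "permit the ones to pass, deny all others" filtering suggested in the thread. 203.0.113.0/24 and 198.51.100.1 are constructed stand-ins for a.b.c.0/24 and w.x.y.z, the permit list and function names are hypothetical, and it assumes the upstream router already delivers the registered block to the firewall.

```python
import ipaddress

# Constructed stand-ins (assumptions, not values from the thread):
# 203.0.113.0/24 for the registered block a.b.c.0/24,
# 198.51.100.1 for the external address w.x.y.z.
PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")
EXTERNAL_ADDR = "198.51.100.1"

# RFC 1918 ranges: the "unregistered" sources that natd -u rewrites.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical permit list of (registered host, TCP port) pairs.
# Everything not listed is denied.
PERMIT_IN = {("203.0.113.10", 25), ("203.0.113.20", 5900)}


def is_unregistered(addr):
    """True if addr falls in an RFC 1918 range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def outbound_source(src):
    """Source address an outgoing packet carries after the firewall."""
    if is_unregistered(src):
        return EXTERNAL_ADDR  # translated, as natd -u does
    return src                # registered address: routed unchanged


def inbound_verdict(dst, port):
    """'forward' or 'deny' for a new inbound TCP connection."""
    if ipaddress.ip_address(dst) in PUBLIC_NET and (dst, port) in PERMIT_IN:
        return "forward"      # explicitly permitted registered host
    return "deny"             # default deny, including RFC 1918 targets


if __name__ == "__main__":
    for src in ("192.168.0.15", "203.0.113.10"):
        print(f"out {src:>14} -> leaves as {outbound_source(src)}")
    for dst, port in (("203.0.113.10", 25), ("203.0.113.10", 23),
                      ("192.168.0.15", 25)):
        print(f"in  {dst:>14}:{port:<5} -> {inbound_verdict(dst, port)}")
```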