From: "Matthew Jonkman"
To: "freebsd-questions@FreeBSD.ORG"
Subject: Fw: Routed and public IPs
Date: Sun, 13 Feb 2000 18:11:08 -0500

That's what I thought too. Thanks. Let me give you more info.

The feed comes from a router; the subnet in question has a block of public IPs. They currently use a public IP on all their Windows and Novell machines. They were recently hacked so they want a firewall. (Some people don't take advice till it's too late :) ) The Novell machine handles mail and such, and the users use Windows remote access software to access their individual stations from home.

I set up the firewall with 1 Windows machine using a public interface behind it. I haven't gotten it to be accessible. I've also tried the same thing with my own net for a test and no luck. I have plenty of regular NAT firewalls under my belt, but the routing thing is new to me.

I guess my question boils down to this: What exactly is the setup to make the firewall act as a router with public and private addresses behind it, and the public addresses must be visible from the outside?

Thanks again for any help.

On a side note, if I could make the comment, this is the most helpful and good-natured community of people I've ever had the pleasure to be a part of. Every other group of fellow geeks I've been in has had so much 'hate' and intolerance for questions, and everyone had to one-up each other. FreeBSD has none of that, and plenty of help. I've found my home for a long time.

Thanks

Matthew Jonkman

> ----- Original Message -----
> From: Crist J. Clark
> To: Steve Hovey
> Cc: Matthew Jonkman ;
> Sent: Sunday, February 13, 2000 4:34 PM
> Subject: Re: Routed and public IPs
>
>
> > On Sun, Feb 13, 2000 at 08:46:14AM -0500, Steve Hovey wrote:
> > >
> > > I believe routed just handles rip - if these public addresses need global
> > > routing you need something that does bgp - To pass packets to just
> > > certain addresses and no others, you do a permit rule for the ones to
> > > pass, deny for all others.
> > >
> > > Is freebsd your router? Or a machine inside from your router, acting as a
> > > router to a subset of machines?
> > >
> > > On Sun, 13 Feb 2000, Matthew Jonkman wrote:
> > >
> > > > I have myself very confused here.
> > > > I am running a firewall but there is a need to have public IPs behind the
> > > > firewall that are accessible from the outside. By my feeble figuring if I
> > > > run routed -s it will build a table and should make them visible. Am I right
> > > > there?
> > > >
> > > > Is it possible to firewall public addresses behind a bsd machine?
> > > >
> > > > Is NAT interfering with route?
> >
> > If your addresses behind the firewall are static, there should be no
> > need to run a routing daemon (like routed(8)).
> >
> > If you told us a bit more about your configuration, we could help.
> > But as an example, if you have unregistered numbers, 192.168.0.0/24, and
> > registered numbers, a.b.c.0/24, on your internal network, all you need
> > to do is,
> >
> > ifconfig_if0="w.x.y.z" # External interface
> > ifconfig_if1="a.b.c.254 netmask 0xffffff00" # Internal interface
> > ifconfig_if1_alias0="192.168.0.254" # Internal interface
> > natd_enable="YES"
> > natd_flags="-u -n if0"
> >
> > And I think it should work fine.
> > --
> > Crist J. Clark cjclark@home.com
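
Added example (not part of the original thread, and not FreeBSD's own rc.firewall): a sketch of ipfw rules that combine Steve Hovey's "permit rule for the ones to pass, deny for all others" with the natd -u setup Crist Clark gives, so the registered hosts are routed unchanged while 192.168.0.0/24 is translated. Assumptions: 203.0.113.0/24 stands in for a.b.c.0/24, the two service entries and port 5631 are constructed, only TCP is covered, and gateway_enable="YES" plus a kernel with ipfw and divert support are in place.

```shell
#!/bin/sh
# Prints an ipfw(8) ruleset; review it, then run the output on the firewall.
# Addresses and services are constructed sample values, not from the thread.
EXT_IF="if0"                   # external interface (natd -n if0)
INT_IF="if1"                   # internal interface
PUBLIC_NET="203.0.113.0/24"    # stands in for a.b.c.0/24
PRIVATE_NET="192.168.0.0/24"   # RFC 1918 hosts, translated by natd -u
SERVICES="203.0.113.10:25 203.0.113.20:5631"   # address:tcp-port, constructed

emit() {                       # print one numbered rule, 100 apart
    echo "ipfw add $RULE_NO $*"
    RULE_NO=$((RULE_NO + 100))
}

gen_rules() {
    RULE_NO=100
    # Anti-spoofing: internal source addresses must never arrive from outside.
    emit deny all from "$PRIVATE_NET" to any in via "$EXT_IF"
    emit deny all from "$PUBLIC_NET" to any in via "$EXT_IF"
    # natd sees all traffic on the external interface; with -u it rewrites
    # only RFC 1918 sources, so the public hosts keep their own addresses.
    emit divert natd all from any to any via "$EXT_IF"
    emit allow all from any to any via lo0
    # Packets belonging to TCP connections that were already permitted.
    emit allow tcp from any to any established
    # Inbound: new connections only to the listed public host/port pairs.
    for svc in $SERVICES; do
        emit allow tcp from any to "${svc%%:*}" "${svc#*:}" in via "$EXT_IF" setup
    done
    # Outbound: new TCP connections from either internal network.
    emit allow tcp from any to any out via "$EXT_IF" setup
    # The internal segment itself is trusted in this sketch.
    emit allow all from any to any via "$INT_IF"
    # Everything else, including non-TCP traffic across if0, is logged and dropped.
    emit deny log all from any to any
}

gen_rules
```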