Date: Mon, 22 Feb 1999 11:38:57 -0600
From: Anthony Kim <akim@itisolutions.com>
To: freebsd-questions@freebsd.org
Subject: IPFW & NAT question
Message-ID: <3.0.6.32.19990222113857.009ad5d0@forbes.itisolutions.com>

I'm trying to come up with a solution as follows; please let me know if this is workable:

Given a 2.2.8-STABLE box running IPFW & NAT

The firewall will have 3 NICs.

NIC1 - Real IP; to Internet
NIC2 - Real IP; to Perimeter network <--> on this network another HOST (HOST A) with Real IP
NIC3 - Private IP; to Internal network

NIC1 & NIC2 & HOST A will all be on the same network address.

I've done ipfw several times with 2 network cards. How is FreeBSD going to handle this 3rd card? NIC1 & NIC2 will be on the same network ID. On the perimeter network will be a bastion host having a real IP on the same network.

I was thinking maybe I could bridge between NIC1 & NIC2. Or will static routing work in this case? I'm unsure.

I'm aware of the -u flag to natd to enable translation only for rfc1918 compliant addresses. Real IPs will be passed untranslated.

Will routing be a problem? I'm thinking, if on the firewall I added the following example this might work(?):

    route add default <defaultrouter>
    route add -host <Host with Real IP> <NIC2 IP>
    route add -net <Internal Network> <NIC3 IP>
    ...

The alternative solution is to enable translation on HOST A with another fake IP network but using static NAT.

IOW:

EXT NETWORK: real
PERIMETER NETWORK: 192.168.16.0
INTERNAL NETWORK: 192.168.17.0

where HOST A on the perimeter network will be static NAT to its real IP.

If I were to do this, where do I assign HOST A's real IP? As an alias to the firewall's external NIC? How can FreeBSD handle NAT using more than one public IP?

I appreciate any direction. Thanks!

Anthony Kim
Sysadmin, HFR Group
http://www.hfr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message