Date: Wed, 3 Jan 2001 12:16:05 +1300
From: Jonathan Chen <jonathan.chen@itouch.co.nz>
To: Matthew Emmerton <matt@gsicomp.on.ca>, powers@b2pi.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Networking and forwarding woes
Message-ID: <20010103121605.A64240@itouchnz.itouch>
In-Reply-To: <003801c0750d$2b0b7650$1200a8c0@gsicomp.on.ca>; from matt@gsicomp.on.ca on Tue, Jan 02, 2001 at 05:41:37PM -0500
References: <14927.2712.916173.916547@Max.B2Pi.com> <20010103081434.B62613@itouchnz.itouch> <14930.11427.396120.786032@Max.B2Pi.com> <20010103084859.D62613@itouchnz.itouch> <003801c0750d$2b0b7650$1200a8c0@gsicomp.on.ca>

On Tue, Jan 02, 2001 at 05:41:37PM -0500, Matthew Emmerton wrote:
> > > I'm absolutely certain that my shoes are down! I'm not real sure about
> > > anything else, other than the situation that I want to use
> > > eventually is along the lines of
> > >
> > >               +---------+
> > >               |         |         +---- 185
> > >               |         |         |
> > >       1   192 |         |         +---- 186
> > > internet -----| de0     |         |
> > >               |         |   188   +---- 187
> > >               |     rl0 |---------+
> > >               |         |         +---- 189
> > >               |         |         |
> > >               |         |         +---- 190
> > >               |         |         |
> > >               +---------+         +---- 191
> > >                 FreeBSD
> >
> > Hmm, could you please explain what sort of network solution you're
> > trying to achieve here? Maybe we (the list) could come up with an
> > alternative that would work.
>
> It looks like he's trying to make his FreeBSD machine be a firewall of some
> sort. The setup is similar to what most people with a single public IP do,
> except that he's using real IPs on the inside instead of using NAT + private
> IPs.

If this is true, what he'd have to do is something along the lines of:

  1. set up an internal network (say, something like 192.168.1.0/24)
  2. rl0 set to (say) 192.168.1.1
  3. set up the 7(?) other machines on 192.168.1.0/24, say
     192.168.1.185 to 192.168.1.191
  4. run "natd -f /etc/natd.conf -n de0" with the following in
     /etc/rc.conf:

        natd_enable="YES"
        natd_interface="de0"
        natd_flags="-f /etc/natd.conf"

  5. set up /etc/natd.conf:

        redirect_address 192.168.1.185 xxx.xxx.xxx.185
        redirect_address 192.168.1.186 xxx.xxx.xxx.186
        redirect_address 192.168.1.187 xxx.xxx.xxx.187
        redirect_address 192.168.1.188 xxx.xxx.xxx.188
        ...

  6. add the following lines to /etc/rc.conf for IP aliasing on de0:

        ifconfig_de0_alias0="inet xxx.xxx.xxx.185 netmask 255.255.255.255"
        ifconfig_de0_alias1="inet xxx.xxx.xxx.186 netmask 255.255.255.255"
        ifconfig_de0_alias2="inet xxx.xxx.xxx.187 netmask 255.255.255.255"
        ifconfig_de0_alias3="inet xxx.xxx.xxx.188 netmask 255.255.255.255"
        ...

  7. fiddle with ipfw rules - I suggest that `OPEN' be used to make
     sure the above works before doing anything else.

--
Jonathan Chen <jonathan.chen@itouch.co.nz>
----------------------------------------------------------------------
"If you wish your merit to be known, acknowledge that of other people"
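
Added example, not part of the original message: a consistency check for steps 5 and 6 above, which have to list the same public addresses in /etc/natd.conf and in the de0 alias lines of /etc/rc.conf. The function name check_nat_map is hypothetical and 203.0.113.x is a constructed stand-in for the elided xxx.xxx.xxx prefix.

```shell
#!/bin/sh
# Added example (not from the original message). Sample data is constructed:
# 203.0.113.x stands in for the elided xxx.xxx.xxx public prefix.

# check_nat_map NATD_CONF RC_CONF IFACE  (hypothetical helper) prints, sorted:
#   NO-ALIAS pub -> priv  redirect target has no alias on IFACE
#   NO-REDIRECT pub       alias has no redirect, so the firewall host answers it
#   ALIAS-GAP aliasN      missing index; rc stops adding aliases at the first gap
check_nat_map() {
    awk -v pfx="ifconfig_${3}_alias" '
    BEGIN { max = -1 }
    FILENAME == ARGV[1] {                    # natd.conf
        if ($1 == "redirect_address") pub[$3] = $2
        next
    }
    index($0, pfx) == 1 {                    # rc.conf alias lines for IFACE
        split($0, kv, "=")
        n = substr(kv[1], length(pfx) + 1) + 0
        gsub(/"/, "", kv[2]); split(kv[2], w, " ")
        if (w[1] == "inet") { alias[w[2]] = 1; idx[n] = 1 }
        if (n > max) max = n
    }
    END {
        for (a in pub)   if (!(a in alias)) print "NO-ALIAS " a " -> " pub[a]
        for (a in alias) if (!(a in pub))   print "NO-REDIRECT " a
        for (i = 0; i <= max; i++) if (!(i in idx)) print "ALIAS-GAP alias" i
    }' "$1" "$2" | LC_ALL=C sort
}

demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/natd.conf" <<'EOF'
redirect_address 192.168.1.185 203.0.113.185
redirect_address 192.168.1.186 203.0.113.186
redirect_address 192.168.1.187 203.0.113.187
EOF
    cat > "$d/rc.conf" <<'EOF'
natd_enable="YES"
natd_interface="de0"
ifconfig_de0_alias0="inet 203.0.113.185 netmask 255.255.255.255"
ifconfig_de0_alias1="inet 203.0.113.186 netmask 255.255.255.255"
ifconfig_de0_alias3="inet 203.0.113.188 netmask 255.255.255.255"
EOF
    check_nat_map "$d/natd.conf" "$d/rc.conf" de0
    rm -rf "$d"
}
demo
```

A NO-REDIRECT finding is the one to look at before tightening the ipfw rules in step 7: that public address is served by the firewall machine itself rather than by an inside host.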
