Date: Wed, 3 Jan 2001 12:16:05 +1300
From: Jonathan Chen
To: Matthew Emmerton, powers@b2pi.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Networking and forwarding woes
Message-ID: <20010103121605.A64240@itouchnz.itouch>

On Tue, Jan 02, 2001 at 05:41:37PM -0500, Matthew Emmerton wrote:
> > > I'm absolutely certain that my shoes are down! I'm not real sure about
> > > anything else, other than the situation that I want is to use
> > > eventually is along the lines of
> > >
> > >               +---------+
> > >               |         |         +---- 185
> > >               |         |         |
> > >         1 192 |         |         +---- 186
> > > internet -----|   de0   |         |
> > >               |         | 188     +---- 187
> > >               |   rl0   |---------+
> > >               |         |         +---- 189
> > >               |         |         |
> > >               |         |         +---- 190
> > >               |         |         |
> > >               +---------+         +---- 191
> > >                 FreeBSD
> > Hmm, could you please explain what sort of network solution you're
> > trying to achieve here? Maybe we (the list) could come up with an
> > alternative that would work.
>
> It looks like he's trying to make his FreeBSD machine be a firewall of some
> sort. The setup is similar to what most people with a single public IP do,
> except that he's using real IPs on the inside instead of using NAT + private
> IPs.

If this is true, what he'd have to do is something along the lines of:

1. set up an internal network (say, something like 192.168.1.0/24)

2. rl0 set to (say) 192.168.1.1

3. set up the other 7(?) machines on 192.168.1.0/24, say
   192.168.1.185 to 192.168.1.191

4. run "natd -f /etc/natd.conf -n de0" with the following in /etc/rc.conf:

       natd_enable="YES"
       natd_interface="de0"
       natd_flags="-f /etc/natd.conf"

5. set up /etc/natd.conf:

       redirect_address 192.168.1.185 xxx.xxx.xxx.185
       redirect_address 192.168.1.186 xxx.xxx.xxx.186
       redirect_address 192.168.1.187 xxx.xxx.xxx.187
       redirect_address 192.168.1.188 xxx.xxx.xxx.188
       ...

6. add the following lines to /etc/rc.conf for IP aliasing on de0:

       ifconfig_de0_alias0="inet xxx.xxx.xxx.185 netmask 255.255.255.255"
       ifconfig_de0_alias1="inet xxx.xxx.xxx.186 netmask 255.255.255.255"
       ifconfig_de0_alias2="inet xxx.xxx.xxx.187 netmask 255.255.255.255"
       ifconfig_de0_alias3="inet xxx.xxx.xxx.188 netmask 255.255.255.255"
       ...

7. fiddle with ipfw rules - I suggest that `OPEN' be used to make sure
   the above works before doing anything else.

--
Jonathan Chen
----------------------------------------------------------------------
"If you wish your merit to be known, acknowledge that of other people"
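Added example, not part of the original message: a consistency check for steps 5 and 6 above, which reports public addresses that are redirected but not aliased on de0, aliases with no redirect_address (those addresses end on the gateway itself), non-host netmasks, and gaps in alias numbering (FreeBSD's rc stops at the first missing aliasN). The function names, the sample files and the 203.0.113.0/24 prefix are assumptions constructed for the example; the post elides the real public prefix.

```sh
#!/bin/sh
# Added example: cross-check natd.conf redirect_address entries against the
# rc.conf aliases on the outside interface. Returns 1 if anything is off.
check_static_nat() {   # args: NATD_CONF RC_CONF IFACE
    awk -v ifn="$3" '
    BEGIN { pre = "ifconfig_" ifn "_alias"; max = -1 }
    # First file (natd.conf): redirect_address <local> <public>
    FNR == NR { if ($1 == "redirect_address") pub[$3] = $2; next }
    # Second file (rc.conf): ifconfig_<ifn>_aliasN="inet <addr> netmask <mask>"
    index($0, pre) == 1 {
        line = $0; gsub(/"/, "", line); split(line, kv, "=")
        n = substr(kv[1], length(pre) + 1) + 0
        split(kv[2], f, " ")
        addr[n] = f[2]; mask[n] = f[4]; aliased[f[2]] = 1
        if (n > max) max = n
    }
    END {
        for (i = 0; i <= max; i++) {
            if (!(i in addr)) {
                print "GAP alias" i ": rc stops at the first missing number"
                bad = 1; continue
            }
            if (mask[i] != "255.255.255.255") { print "MASK alias" i ": " mask[i]; bad = 1 }
            if (!(addr[i] in pub)) { print "UNMAPPED " addr[i] ": no redirect_address"; bad = 1 }
        }
        for (p in pub) if (!(p in aliased)) { print "NOALIAS " p ": not on " ifn; bad = 1 }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample files; 203.0.113.0/24 stands in for the elided public prefix.
write_samples() {   # arg: directory
    cat > "$1/natd.conf" <<'EOF'
redirect_address 192.168.1.185 203.0.113.185
redirect_address 192.168.1.186 203.0.113.186
redirect_address 192.168.1.187 203.0.113.187
EOF
    cat > "$1/rc.conf" <<'EOF'
natd_interface="de0"
ifconfig_de0_alias0="inet 203.0.113.185 netmask 255.255.255.255"
ifconfig_de0_alias1="inet 203.0.113.186 netmask 255.255.255.0"
ifconfig_de0_alias3="inet 203.0.113.188 netmask 255.255.255.255"
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_static_nat "$demo_dir/natd.conf" "$demo_dir/rc.conf" de0 || echo "findings above need fixing"
```

Running the check before loosening or tightening the ipfw rules in step 7 separates address-mapping mistakes from firewall-rule mistakes.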