From owner-freebsd-stable Tue May 1 16: 1:46 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from woody.ichilton.co.uk (woody.ichilton.co.uk [216.29.174.40])
	by hub.freebsd.org (Postfix) with ESMTP id 2F3A837B43F
	for ; Tue, 1 May 2001 16:01:43 -0700 (PDT)
	(envelope-from ian@woody.ichilton.co.uk)
Received: by woody.ichilton.co.uk (Postfix, from userid 1000)
	id 083248093; Wed, 2 May 2001 00:01:31 +0100 (BST)
Date: Wed, 2 May 2001 00:01:31 +0100
From: Ian Chilton
To: freebsd-stable@freebsd.org
Subject: Firewall, NAT etc
Message-ID: <20010502000131.A14756@woody.ichilton.co.uk>
Reply-To: Ian Chilton
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.3.13i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello,

I have been using Linux for years, and have quite a few Linux servers,
but am quite new to FreeBSD. I think I have mastered the basics now and
have a few basic servers running FreeBSD.

But, my next task is more complicated, and I was wondering if anyone
could point me towards some good info on this sort of thing, or anyone
that has done similar before.

I have a machine, which has:

vr0 - 123.123.123.123 - static ip, on internet through
      defaultrouter="123.123.123.1" in rc.conf
ed0 = 192.168.0.1
ed1 - 192.168.1.1
ed2 = 192.168.2.1

Right, what I need to do is this:

1) Let the 3 networks, 192.168.0.*, 192.168.1.* and 192.168.2.* have
   full access to the internet using NAT, through ed0, ed1 and ed2
   respectively.

2) Have a firewall, so only the necessary ports like 22 for ssh server
   need to be open. Everything else is denied, but the 3 internal
   networks have full internet access.

3) Have firewalls, so the 3 internal networks on ed0, ed1 and ed2 can't
   see each other.

4) Have a bandwidth "cap" on each of the 3 internal networks, so they
   can't saturate the connection.

5) Use port forwarding, so ports on 123.123.123.123 can be sent to
   machines on one of the internal networks.

I would really appreciate it if someone could point me in the right
direction for good docs on this stuff, and provide me with any scripts /
commands you have that do this stuff.

Thanks in Advance!!

Bye for Now,

Ian

                                 \|||/
                                 (o o)
/-----------------------------ooO-(_)-Ooo----------------------------\
| Ian Chilton                  E-Mail: ian@ichilton.co.uk            |
| IRC Nick: GadgetMan          Backup: ichilton@www.linux.org.uk     |
| ICQ: 16007717 / 104665842    Web   : http://www.ichilton.co.uk     |
|--------------------------------------------------------------------|
| For people who like peace and quiet: a phoneless cord              |
\--------------------------------------------------------------------/