From owner-freebsd-questions@FreeBSD.ORG Mon Oct 20 06:00:45 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id 7E48516A4B3
    for ; Mon, 20 Oct 2003 06:00:45 -0700 (PDT)
Received: from g38.rdsbv.ro (g38.rdsbv.ro [193.231.237.197])
    by mx1.FreeBSD.org (Postfix) with ESMTP id ADEAE43FB1
    for ; Mon, 20 Oct 2003 06:00:44 -0700 (PDT) (envelope-from g38@rdsbv.ro)
Received: from dzerjinski.kgb.ro (kgb [193.231.237.196])
    by g38.rdsbv.ro (Postfix) with ESMTP id B28DADCA9;
    Mon, 20 Oct 2003 16:00:42 +0300 (EEST)
From: Petre Bandac
Organization: g38
To: freebsd-questions@freebsd.org, Lowell Gilbert
Date: Mon, 20 Oct 2003 16:00:42 +0300
User-Agent: KMail/1.5.1
References: <200310181006.21802.g38@rdsbv.ro> <44fzhokrbl.fsf@be-well.ilk.org>
In-Reply-To: <44fzhokrbl.fsf@be-well.ilk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200310201600.42336.g38@rdsbv.ro>
Subject: Re: ipfw routing
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: g38@rdsbv.ro
List-Id: User questions
X-List-Received-Date: Mon, 20 Oct 2003 13:00:45 -0000

On Monday 20 October 2003 15:48 Anno Domini, Lowell Gilbert wrote using one of his keyboards:
> Petre Bandac writes:
> > I have to use a freebsd machine as a gateway router; I did manage to make
> > natd work, but now I have also a subnet routed to the machine
>
> That sounds fine. How you handle it will depend on whether you want
> outside hosts to be able to initiate connections into that subnet or
> not. If not, it's easy: you just need '-unregistered_only'.
>
> If you do want full access into those machines, I don't see why
> just setting up a route on the gateway machine shouldn't be enough to
> just do it on a machine already configured for IP forwarding. Of
> course, you'll need to let the packets through the firewall.

all I did was

    ipfw add pass all from any to $subnet
    ipfw add pass all from $subnet to any

and it works

my problem was that I googled around and didn't find the answer to my problem,
so I had to figure it out myself

if you are familiar with freebsd routers/gateways, I would welcome any
hints/advice/howtos/links/etc

what I want is to get the LAN behind rl1 to the internet (connected via rl0)
with routable (i.e. public) IP addresses

> > I'm looking for the ipfw command similar to iptables' -A FORWARD -d
> > $subnet/$mask -j ACCEPT
>
> Sorry, I don't use iptables, so that doesn't mean anything to me.

I am new to freebsd (and slowly moving to the intermediate level), but I have
a few years of linux experience behind, that's why I tried a comparison
between the 2

> I can guess that it's going to just let in all packets destined for
> subnet/mask, but surely you want to do *some* firewalling...

yes, I surely do

> > also, what's the difference between ipfw add pass and ipfw add forward ?
>
> The former accepts a packet for processing by the IP stack, while the
> latter bypasses the forwarding portions of the stack.

got it

thanks,

petre

-- 
3:56PM up 8 days, 4:01, 4 users, load averages: 0.94, 0.47, 0.26
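
Added example, not part of the original message or of any poster's configuration: one way to do the "*some* firewalling" discussed above for a routed public subnet behind rl1, instead of passing everything to and from $subnet. The script only prints ipfw commands; the subnet 192.0.2.0/24, the host:port pairs and the rule numbers are constructed placeholders, and natd's divert rule is not shown.

```sh
#!/bin/sh
# Added example: prints (does not run) ipfw rules for a routed public subnet.
# Interface names rl0/rl1 come from the thread; the subnet, hosts, ports and
# rule numbers are constructed placeholders.

# gen_rules EXT_IF INT_IF SUBNET [HOST:PORT ...]
gen_rules() {
    ext_if=$1; int_if=$2; subnet=$3
    shift 3

    # Anti-spoofing: the subnet's own addresses must never show up as a
    # source on the outside interface.
    echo "ipfw add 1000 deny log all from ${subnet} to any in via ${ext_if}"
    # Packets that belong to a flow already allowed by a keep-state rule.
    echo "ipfw add 1100 check-state"
    # Anything the LAN initiates is allowed and remembered.
    echo "ipfw add 1200 pass all from ${subnet} to any in via ${int_if} keep-state"

    # Inbound TCP connections only to explicitly listed host:port pairs.
    n=1300
    for svc in "$@"; do
        host=${svc%%:*}; port=${svc##*:}
        case $port in
            ''|*[!0-9]*) echo "bad service spec: ${svc}" >&2; return 1 ;;
        esac
        echo "ipfw add ${n} pass tcp from any to ${host} ${port} in via ${ext_if} setup keep-state"
        n=$((n + 10))
    done

    # Everything else involving the subnet is dropped and logged, so the
    # result does not depend on the kernel's default rule.
    echo "ipfw add 2000 deny log all from any to ${subnet}"
    echo "ipfw add 2010 deny log all from ${subnet} to any"
}

# Constructed sample: 192.0.2.0/24 is a documentation range.
gen_rules rl0 rl1 192.0.2.0/24 192.0.2.10:22 192.0.2.20:80
```

A forwarded packet is checked twice (in on one interface, out on the other); the check-state rule is what lets the second pass and the replies through. Review the printed rules before piping them to a shell on the gateway.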