Date:      Mon, 20 Oct 2003 16:00:42 +0300
From:      Petre Bandac <g38@rdsbv.ro>
To:        freebsd-questions@freebsd.org, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
Subject:   Re: ipfw routing
Message-ID:  <200310201600.42336.g38@rdsbv.ro>
In-Reply-To: <44fzhokrbl.fsf@be-well.ilk.org>
References:  <200310181006.21802.g38@rdsbv.ro> <44fzhokrbl.fsf@be-well.ilk.org>

On Monday 20 October 2003 15:48 Anno Domini, Lowell Gilbert wrote using one of 
his keyboards:
> Petre Bandac <g38@rdsbv.ro> writes:
> > I have to use a freebsd machine as a gateway router; I did manage to make
> > natd work, but now I have also a subnet routed to the machine
>
> That sounds fine.  How you handle it will depend on whether you want
> outside hosts to be able to initiate connections into that subnet or
> not.  If not, it's easy:  you just need '-unregistered_only'.
>
> If you do want full access into those machines, I don't see why
> just setting up a route on the gateway machine shouldn't be enough to
> just do it on a machine already configured for IP forwarding.  Of
> course, you'll need to let the packets through the firewall.

all I did was 
ipfw add pass all from any to $subnet 
ipfw add pass all from $subnet to any

and it works

my problem was that I googled around and didn't find the answer to my problem, 
so I had to figure it out myself

if you are familiar with freebsd routers/gateways, I would welcome any hints/
advice/howtos/links/etc

what I want is to get the LAN behind rl1 to the internet (connected via rl0) 
with routable (i.e. public) IP addresses

> > I'm looking for the ipfw command similar to iptables' -A FORWARD -d
> > $subnet/ $mask -j ACCEPT
>
> Sorry, I don't use iptables, so that doesn't mean anything to me.

I am new to freebsd (and slowly moving to the intermediate level), but I have 
a few years of linux experience behind me, that's why I tried a comparison 
between the 2 

> I can guess that it's going to just let in all packets destined for
> subnet/mask, but surely you want to do *some* firewalling...

yes, I surely do

> > also, what's the difference between ipfw add pass and ipfw add forward ?
>
> The former accepts a packet for processing by the IP stack, while the
> latter bypasses the forwarding portions of the stack.

got it

thanks,

petre

-- 
 3:56PM  up 8 days,  4:01, 4 users, load averages: 0.94, 0.47, 0.26
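
Added example, not part of the original message or of FreeBSD's shipped rule sets: one way to do the firewalling the thread mentions for a routed public subnet, replacing the two blanket `pass all` rules with stateful ones. The subnet 192.0.2.0/28, the server 192.0.2.2 port 80, the rule numbers and the function name are constructed assumptions; rl0 and rl1 are the interfaces named in the message.

```shell
#!/bin/sh
# Added example (not from the original message).
# Dry run by default: the ipfw commands are only printed.
# Set IPFW=/sbin/ipfw in the environment to apply them.
IPFW="${IPFW:-echo ipfw}"

# routed_subnet_rules SUBNET WAN_IF LAN_IF SERVER PORT  (hypothetical helper)
routed_subnet_rules() {
    net="$1"; wan="$2"; lan="$3"; srv="$4"; port="$5"

    # Anti-spoofing: nothing arriving from outside may claim a source
    # address inside the routed subnet.
    $IPFW add 1000 deny log all from "$net" to any in recv "$wan"

    # Packets of flows that already have a dynamic rule are accepted here,
    # in both directions and on both the input and output pass.
    $IPFW add 1100 check-state

    # LAN hosts may open connections outwards; state is created when the
    # first packet enters on the LAN interface.
    $IPFW add 1200 pass tcp from "$net" to any in recv "$lan" setup keep-state
    $IPFW add 1210 pass udp from "$net" to any in recv "$lan" keep-state

    # The single service that outside hosts may connect to.
    $IPFW add 1300 pass tcp from any to "$srv" "$port" in recv "$wan" setup keep-state

    # ICMP handled statelessly: echo request out, echo reply in, plus
    # unreachable (needed for path MTU discovery) and time exceeded.
    $IPFW add 1400 pass icmp from "$net" to any icmptypes 3,8,11
    $IPFW add 1410 pass icmp from any to "$net" icmptypes 0,3,11

    # Anything else to or from the subnet that crosses the outside
    # interface is dropped and logged.
    $IPFW add 1900 deny log all from any to "$net" via "$wan"
    $IPFW add 1910 deny log all from "$net" to any via "$wan"
}

# Constructed sample values; rl0 (outside) and rl1 (LAN) are from the message.
routed_subnet_rules 192.0.2.0/28 rl0 rl1 192.0.2.2 80
```

The rules only take effect if no earlier rule already passes the subnet's traffic, so the two blanket `pass all` rules have to go. `log` produces output only when ipfw logging is enabled in the kernel.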