From owner-freebsd-questions Tue Apr 13 7: 4: 8 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from mailc.telia.com (mailc.telia.com [194.22.190.4])
	by hub.freebsd.org (Postfix) with ESMTP id 9F7B614BFA
	for ; Tue, 13 Apr 1999 07:04:01 -0700 (PDT)
	(envelope-from thomas.uhrfelt@plymovent.se)
Received: from d1o68.telia.com (root@d1o68.telia.com [62.20.138.241])
	by mailc.telia.com (8.8.8/8.8.8) with ESMTP id QAA08243
	for ; Tue, 13 Apr 1999 16:01:40 +0200 (CEST)
Received: from tu (t2o68p34.telia.com [62.20.138.154])
	by d1o68.telia.com (8.8.8/8.8.5) with SMTP id QAA24194
	for ; Tue, 13 Apr 1999 16:01:39 +0200 (CEST)
Received: by localhost with Microsoft MAPI; Tue, 13 Apr 1999 15:58:12 +0200
Message-ID: <01BE85C6.6ECE8680.thomas.uhrfelt@plymovent.se>
From: Thomas Uhrfelt
Reply-To: "thomas.uhrfelt@plymovent.se"
To: "'freebsd-questions@freebsd.org'"
Subject: Gating - IPFilter etc.
Date: Tue, 13 Apr 1999 15:58:05 +0200
Organization: Plymovent AB
X-Mailer: Microsoft Internet-e-post/MAPI - 8.0.0.4211
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I am in the process of setting up a gateway/firewall and I need all the help I can possibly get, so this description is going to be rather lengthy, I fear.

Today we are running a WinNT Server based network, but since we are getting a "constant" connection to the Internet and we are planning to install some sort of firewall, I thought I should use FreeBSD instead of a Microsoft solution.

Here is a brief description of the network today:

    Approx 40 workstations +
    2 NT Servers +            (192.168.1.xxx) -------------> (192.168.1.1) Router (Dynamic IP)
    1 AS/400

Here is the first step of my "planned" change:

    Approx 40 workstations +
    2 NT Servers +            (192.168.2.xxx) ----> (192.168.2.1) FreeBSD (192.168.2.2) -------> (192.168.2.1) Router (Dynamic IP)
    1 AS/400

The reason for changing the router's IP is that I don't want to change all the clients, as we don't use DHCP. I was planning to use IPFilter+IFNAT on the FreeBSD box to accomplish this task.

So now I need to know if there is any good beginner's documentation on IPFilter + IFNAT and/or if it's possible at all to accomplish this using these tools. I also want to put in rather restrictive rules on what is allowed to be passed through the BSD box, so I need a pretty elaborate doc on IPFilter's capabilities (easy to understand wouldn't be bad either).

Anyone care to enlighten me on this subject?

PS: The later changes will pretty much only involve a static IP on the other side of the router and a hardware VPN solution (if anyone can direct me to a VPN solution for FreeBSD that is good, that would also be appreciated) DS.

/ Thomas Uhrfelt
Computer Technician
PlymoVent AB