Date: Tue, 17 Oct 2006 10:39:30 +0100 (BST) From: "Spadge Fromley" <spadge@fromley.net> To: "Aaron Burke" <aburke@nullplusone.net> Cc: freebsd-net@freebsd.org, fwun@bigpond.net.au Subject: RE: Static route & NAT Message-ID: <33180.213.123.179.188.1161077970.squirrel@webmail.fromley.net> In-Reply-To: <PGENKKAMCLFNBHPINBGAAEJICOAA.aburke@nullplusone.net> References: <PGENKKAMCLFNBHPINBGAAEJICOAA.aburke@nullplusone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> I much of this is from http://www.irbs.net/FreeBSD/FAQ/networking.html . > >> > I am wondering how to implement a freebsd router without NAT enbaled? >> > There are 3 subnets connected to this freebsd router. all of >> them need to >> > access the Internet. > Due to the lack of NAT, I assume that they all use public interfaces. I'm not so brave. > You may want to look into the installation of routed That would have been my 'Plan B' :) > >> I have to admit to not being entirely sure what it is you're asking. > I am not either, but I hope to provide some good info. > >> Does ipfw not just handle it? > It can, but doing so requires that special rules be put in place. Every > rule that is processed accumulates additional delay. Yeah, but if you're just passing packets to and from three subnets, then you can get away with less than a handful of rules to cover it. > > There is an easier way to forward packets from each network. Simply change > 'net.inet.ip.forwarding = 0' to 'net.inet.ip.forwarding = 1' via sysctl. > You can also enable this in rc.conf via 'gateway_enable="YES"'. Totally, but if you have a firewall in place, you're still going to need to allow the traffic to pass through in either direction. > >> >> I suspect the easiest way may be to have one NIC per subnet in the fbsd >> router, and use natd. > More than one nic is not required, but if you have the slots available, it > can save some increadible headaches. It is possible (however extreemly > unwise) to run all 3 of them in via a single NIC. Hence "easiest way" :) I've added the original poster to the CC list. I'm no routing expert, so I'm learning as I type. -- Spadge 'Intoccabile'
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33180.213.123.179.188.1161077970.squirrel>