From: "Spadge Fromley"
To: "Aaron Burke"
Cc: freebsd-net@freebsd.org, fwun@bigpond.net.au
Date: Tue, 17 Oct 2006 10:39:30 +0100 (BST)
Subject: RE: Static route & NAT
Message-ID: <33180.213.123.179.188.1161077970.squirrel@webmail.fromley.net>

> I much of this is from http://www.irbs.net/FreeBSD/FAQ/networking.html .
>
>> > I am wondering how to implement a freebsd router without NAT enabled?
>> > There are 3 subnets connected to this freebsd router. all of them need to
>> > access the Internet.
> Due to the lack of NAT, I assume that they all use public interfaces.

I'm not so brave.

> You may want to look into the installation of routed

That would have been my 'Plan B' :)

>
>> I have to admit to not being entirely sure what it is you're asking.
> I am not either, but I hope to provide some good info.
>
>> Does ipfw not just handle it?
> It can, but doing so requires that special rules be put in place. Every
> rule that is processed accumulates additional delay.

Yeah, but if you're just passing packets to and from three subnets, then you can get away with less than a handful of rules to cover it.

>
> There is an easier way to forward packets from each network. Simply change
> 'net.inet.ip.forwarding = 0' to 'net.inet.ip.forwarding = 1' via sysctl.
> You can also enable this in rc.conf via 'gateway_enable="YES"'.

Totally, but if you have a firewall in place, you're still going to need to allow the traffic to pass through in either direction.

>
>>
>> I suspect the easiest way may be to have one NIC per subnet in the fbsd
>> router, and use natd.
> More than one nic is not required, but if you have the slots available, it
> can save some incredible headaches. It is possible (however extremely
> unwise) to run all 3 of them in via a single NIC.

Hence "easiest way" :)

I've added the original poster to the CC list.

I'm no routing expert, so I'm learning as I type.

-- 
Spadge
'Intoccabile'