From owner-freebsd-questions  Mon Apr  1  8: 4:57 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from nyogtha.unknownkadath.net (nyogtha.unknownkadath.net [209.153.153.179])
	by hub.freebsd.org (Postfix) with ESMTP id DF80F37B417
	for <freebsd-questions@FreeBSD.ORG>; Mon,  1 Apr 2002 08:04:47 -0800 (PST)
Received: from cm (grebner.com [198.109.164.203])
	by nyogtha.unknownkadath.net (8.12.2/8.12.2) with SMTP id g31GHIs0077728
	for <freebsd-questions@FreeBSD.ORG>; Mon, 1 Apr 2002 11:17:18 -0500 (EST)
From: "Asenchi" <asenchi@asenchi.com>
To: <freebsd-questions@FreeBSD.ORG>
Subject: ?: natd and ipfw
Date: Mon, 1 Apr 2002 11:04:46 -0500
Message-ID: <BNEFIOCCBGNFNCEKAMLMCEJBCIAA.asenchi@asenchi.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <02040117292900.00446@getafix.perimeter.co.za>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

hello,

i am somewhat new at fbsd, and i am setting up a firewall for a network.  I
have a question about configuring three nics to handle dmz stuff along with
the internal network.

here is my setup:

INTERNET -> [oif=vr0 1.1.1.1] -> [iif1=xl0 10.10.0/24] -> NETWORK
			|
		[iif2=rl0 10.10.1/24] -> DMZ (Webserver/Email/FTP)

Here is how my configuration is setup:

I have IPFW built into the kernel.  Right now I have built my own
rc.firewall file and am using that.  I also have natd running and enabled in
rc.conf.

I guess I don't know what else you would need, if you want me to send along
my configurations I can do that.

Here is my question.  How do I redirect incoming packets that want to go to
my website to my DMZ side of the network?  I have read about -redirect_port
/ -redirect_address but really don't understand how that will filter the
traffic.  I need to read a little more but thought maybe somebody on this
could give me some direction.

I guess I should simplify the question.  How do i route traffic that is
trying to reach my website?  How do I specify the correct traffic?  Can I
use a host name instead of an ip address in natd configurations?

Sorry if this is too much, I hope I have layed out my question so that you
can help me.  Please respond to the group with any direction you could give
me.

Thank you,

ASENCHI


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message