Date: Tue, 23 Dec 2003 11:23:23 -0500
From: Barney Wolff <barney@databus.com>
To: Peter Serwe <peter@easytree.net>
Cc: freebsd-net@freebsd.org
Subject: Re: ipfw/natd/3 nic
Message-ID: <20031223162323.GA44463@pit.databus.com>
In-Reply-To: <3FE841B4.8E6D47E9@easytree.net>
References: <3FE841B4.8E6D47E9@easytree.net>
On Tue, Dec 23, 2003 at 08:23:00AM -0500, Peter Serwe wrote:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router. The router shouldn't
> be passing any traffic in between private networks.

I don't think you need(ed) two public addresses to accomplish what you want.
The ipfw divert rule can have "via <external-nic>" to apply only to packets
to/from the Internet, and you can have deny rules for packets flowing between
your two internal nets. I don't see a need to run two natd's here.

-- 
Barney Wolff        http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
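The ruleset Barney sketches, written out as an added example (this is not code from the thread or from either poster): one natd behind a single divert rule restricted with "via <external-nic>", plus deny rules for traffic between the two internal nets. The two networks are the ones Peter gave; the external interface name fxp0, the natd divert port 8668 (natd's default), the rule numbers and the DRY_RUN switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original thread: ipfw ruleset for one
# public IP, one natd, and two internal nets that must not talk to each
# other. Assumptions: the external NIC is fxp0 (hypothetical), natd listens
# on its default divert port 8668 and is started separately, e.g.
#   natd -n fxp0
# on a kernel with IPDIVERT and net.inet.ip.forwarding=1.

EXT_IF="${EXT_IF:-fxp0}"          # hypothetical external interface name
PRIV_NET="192.168.1.0/24"         # private_private, from Peter's mail
PUB_NET="192.168.2.0/24"          # public_private, from Peter's mail
NATD_PORT="${NATD_PORT:-8668}"    # natd's default divert port
DRY_RUN="${DRY_RUN:-1}"           # 1 = print the rules, 0 = load them

# Print or execute an ipfw command depending on DRY_RUN, so the ruleset can
# be reviewed on a machine without ipfw before it is loaded on the router.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipfw $*"
    else
        ipfw "$@"
    fi
}

build_ruleset() {
    fw -q flush

    # Loopback traffic, and nothing else pretending to be loopback.
    fw add 100 allow ip from any to any via lo0
    fw add 110 deny ip from any to 127.0.0.0/8

    # Anti-spoofing: packets with an internal source must not arrive on the
    # external NIC.
    fw add 200 deny ip from "$PRIV_NET" to any in via "$EXT_IF"
    fw add 210 deny ip from "$PUB_NET" to any in via "$EXT_IF"

    # The point of the thread: the router forwards nothing between the two
    # internal nets. These rules sit before the divert rule, so natd never
    # sees that traffic. Note they also catch packets addressed to the
    # router's own address on the other net; if admins need that, allow it
    # explicitly (restricted to "in via" the internal NIC) above rule 300.
    fw add 300 deny ip from "$PRIV_NET" to "$PUB_NET"
    fw add 310 deny ip from "$PUB_NET" to "$PRIV_NET"

    # One divert rule, restricted with "via": only packets entering or
    # leaving through the external NIC are handed to natd. Packets between
    # the internal nets never traverse $EXT_IF, so one natd is enough.
    fw add 400 divert "$NATD_PORT" ip from any to any via "$EXT_IF"

    # Everything else (both internal nets to the Internet, and translated
    # replies coming back in) is allowed; tighten to taste.
    fw add 65000 allow ip from any to any
}

build_ruleset
```

Run as-is to print the rules for review; run as root on the router with DRY_RUN=0 to load them. Keeping the inter-net deny rules ahead of the divert rule means a packet from one internal net to the other is dropped before NAT is involved at all, which is what makes a second natd unnecessary.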