Date: Tue, 23 Dec 2003 08:54:14 -0800
From: Darcy Buskermolen <darcy@wavefire.com>
To: Peter Serwe <peter@easytree.net>, freebsd-net@freebsd.org
Subject: Re: ipfw/natd/3 nic
Message-ID: <200312230854.14948.darcy@wavefire.com>
In-Reply-To: <3FE841B4.8E6D47E9@easytree.net>
References: <3FE841B4.8E6D47E9@easytree.net>
On December 23, 2003 05:23 am, Peter Serwe wrote:
> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it..
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.

Why not just add some simple firewall rules such as:

ipfw add deny ip from private_private to public_private
ipfw add deny ip from public_private to private_private

before you do your divert rule ?

-- 
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com
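As an added illustration of the ordering Darcy's reply relies on (this is example code written for this page, not something posted in the thread), the script below emits a minimal ipfw ruleset for the three-NIC layout Peter describes: the two inter-LAN deny rules get lower rule numbers than the natd divert rule, so ipfw evaluates them first and the packet is dropped before natd can rewrite it. The interface name fxp0, the rule numbers, the natd port and the final catch-all allow are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Generates (and, on a
# FreeBSD box with root, applies) an ipfw ruleset that blocks traffic
# between two private LANs before the natd divert rule is reached.
PRIV_NET=192.168.1.0/24      # private_private (from Peter's mail)
PUB_NET=192.168.2.0/24       # public_private  (from Peter's mail)
EXT_IF=fxp0                  # assumed external interface name
NATD_PORT=8668               # natd's default divert port (assumption)

# Emit the rules in evaluation order. ipfw walks rules by ascending number,
# so the deny rules (200/210) are hit before the divert rule (300) and
# inter-LAN packets never reach natd.
gen_ruleset() {
    cat <<EOF
ipfw -f flush
ipfw add 100 allow ip from any to any via lo0
ipfw add 150 allow ip from me to any
ipfw add 200 deny ip from $PRIV_NET to $PUB_NET
ipfw add 210 deny ip from $PUB_NET to $PRIV_NET
ipfw add 300 divert $NATD_PORT ip from any to any via $EXT_IF
ipfw add 400 allow ip from $PRIV_NET to any
ipfw add 410 allow ip from $PUB_NET to any
ipfw add 65000 allow ip from any to any
EOF
}

# Sanity check on the generated text: every deny rule number must be
# smaller than the divert rule number, otherwise natd sees the packet first.
# Fields: $1=ipfw $2=add $3=<number> $4=<action>
check_order() {
    divert=$(gen_ruleset | awk '$4 == "divert" { print $3 }')
    for n in $(gen_ruleset | awk '$4 == "deny" { print $3 }'); do
        [ "$n" -lt "$divert" ] || { echo "rule $n comes after divert"; return 1; }
    done
    echo ok
}

# Number of inter-LAN deny rules in the generated set (expected: 2).
deny_count() {
    gen_ruleset | awk '$4 == "deny"' | wc -l | tr -d ' '
}

# Apply only as root on a host that actually has ipfw; otherwise just print.
if [ "$(id -u)" = 0 ] && command -v ipfw >/dev/null 2>&1; then
    gen_ruleset | sh
else
    gen_ruleset
fi
```

The rule at 150 (`allow ip from me to any`) is the one concession to "someone having direct access to the router": traffic originating on the router itself is let through before the inter-LAN deny rules. The check_order function only inspects the generated text; after loading, confirm the real ordering with `ipfw list`.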