Message-ID: <009201c20736$1b604e80$0101a8c0@megalan.co.za>
From: "Chris Knipe"
To: "Max"
References: <005201c20714$220071b0$04ef10ac@wireless>
Subject: Re: Firewall Setup
Date: Wed, 29 May 2002 19:25:46 +0200

> My network has other routers hardware and software. I want just few machines
> to use this new router instead of the whole network so that even if a client
> sets this router as his default gateway, he will not be able to access the
> Internet!

Isn't this more of a static-routing option rather than a firewall? A firewall will block the packets, meaning that the clients which use the "wrong" router will have *no* internet access, rather than be directed towards the right router.

You can most probably redirect the packets from one firewall to another, but that's limited to a per-port basis. I think the simplest solution would just be to re-route certain data from the "wrong" router to the "right" router. route add, if I'm not mistaken.

So, if you have 10.0.0.0/255.0.0.0 and want 10.0.1.0/24 to be assigned to router 1, on your 2, you'll add a static route for that network, routing it back to router 1.