Date: Tue, 14 Oct 2003 16:49:19 -0400
From: "Jason Lavigne" <jlavigne@bwlogic.com>
To: <freebsd-questions@freebsd.org>
Subject: route between LAN, DMZ and INET
Message-ID: <000501c39294$a36a65a0$0501a8c0@canada>

Hello all,

Below you will find my ifconfig output and my /etc/rc.conf file.

I would like to set up a firewall/router that will route between my private LAN, my DMZ and the Internet. Currently I have the following:

I installed FreeBSD 5.1
Installed 3 NICs
dc0 (LAN, 192.168.1.111), connected to a 24 port 3Com hub
dc1 (DMZ, 216.138.226.22), connected to a 12 port IBM switch
xl0 (INET, 216.138.224.10), connected to Alcatel DSL modem

I have a /28 IP block (216.138.226.16/28) and my default gateway is 216.138.224.9.

I turned on routed using /stand/sysinstall after the installation.

I have been able to ping addresses from all 3 interfaces and I have been able to ping to dc0 and dc1 from computers on those networks.

Currently I cannot use 192.168.1.111 as my gateway on any computers on the private LAN to get to the Internet. I can ping it, but that is as far as I can go.

What I would like is someone to guide me in the right direction as to what I need to be doing here. Do I need natd? Do I need to make kernel config changes? Is gated a better option over routed? Any guidance of any kind you can provide would be greatly appreciated. The next step after this is to add ipfw and maybe ipsec.

Thanks all for allowing me to ask this newbie question.

cheers

Jay

here is my ifconfig

dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::203:6dff:fe00:9bd%dc0 prefixlen 64 scopeid 0x1
        ether 00:03:6d:00:09:bd
        media: Ethernet autoselect (100baseTX)
        status: active
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 216.138.226.22 netmask 0xfffffff0 broadcast 216.138.226.31
        inet6 fe80::280:c6ff:feea:7af1%dc1 prefixlen 64 scopeid 0x2
        ether 00:80:c6:ea:7a:f1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 216.138.224.10 netmask 0xfffffffc broadcast 216.138.224.11
        inet6 fe80::250:daff:fe1b:90c3%xl0 prefixlen 64 scopeid 0x3
        ether 00:50:da:1b:90:c3
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000

here is my /etc/rc.conf

gateway_enable="YES"
hostname="fw.bwlogic.com"
# LAN
ifconfig_dc0="inet 192.168.1.111 netmask 255.255.255.0"
# DMZ
ifconfig_dc1="inet 216.138.226.22 netmask 255.255.255.240"
# INET
ifconfig_xl0="inet 216.138.224.10 netmask 255.255.255.252"
kern_securelevel_enable="NO"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
# routed settings
router_flags="-q"
router="/sbin/routed"
router_enable="YES"