Date: Tue, 15 Sep 1998 11:22:59 -0700 (PDT)
From: Dan Busarow
To: chas
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How to use FBSD as a proxy between firewall and LAN. (or shouldn't I ?)
In-Reply-To: <3.0.32.19980915230005.00d6dacc@mail.peace.com.my>

On Tue, 15 Sep 1998, chas wrote:

> Trying to implement a firewall/network :
>
>                                  |<--> Server Farm A
>                                  |
>                                  |<--> Server Farm B
> [INet]<--> Router <--> Firewall  |
>                                  |<--> FBSD Proxy <-- LAN
>                                  |
>                                  |<--> free
>
> The firewall is on a Sun box with a quad-NIC using commercial
> firewall software. The LAN has over 100 PCs.
>
> Does it make sense to use a FreeBSD box as I have shown
> above to act as a Proxy (and also router) between the LAN
> and the Firewall ? Does this network layout make sense or
> have I lost the plot ? (not that I really understood it in
> the first place).

Sure. You need to turn on IPFW in the kernel and build a new
kernel (see the Handbook) and run natd on the NIC connected to
the Sun. Also run a DHCP server on the FreeBSD box to assign
all those PCs their RFC1918 addresses. (both Wide and ISC dhcp's
are in ports)

In /etc/rc.conf set

    firewall_type="OPEN"
    gateway="YES"

You can tighten up the firewall later if desired.

> To set up the FreeBSD proxy above, will it really require
> static routes for all the PCs between the LAN and the Firewall ?

No

Dan
-- 
 Dan Busarow                                          949 443 4172
 Dana Point Communications, a California corporation  dan@dpcsys.com
 Dana Point, California  83 09 EF 59 E0 11 89 B4   8D 09 DB FD E1 DD 0C 82
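
The reply above leaves the gateway on the "OPEN" rule set, which passes all traffic, and says it can be tightened later. The script below is an added example, not part of the original message, showing one stateless ipfw rule set for that tightening step. The interface names, the LAN prefix and the helper name gen_gateway_rules are assumptions, and the inbound rules are deliberately narrow (TCP replies, DNS answers, a few ICMP types).

```shell
#!/bin/sh
# Added example, not from the original post: prints an ipfw rule file for
# the NAT gateway. gen_gateway_rules is a hypothetical helper name.
gen_gateway_rules() {
    ext_if=$1     # NIC facing the Sun firewall, where natd runs (assumed name)
    lan_if=$2     # NIC facing the LAN (assumed name)
    lan_net=$3    # RFC 1918 prefix the DHCP server hands out (assumed)

    # Loopback traffic belongs on lo0 and nowhere else.
    echo "add 100 allow ip from any to any via lo0"
    echo "add 110 deny ip from any to 127.0.0.0/8"
    # Anti-spoofing must come before the divert rule: a packet that claims
    # a LAN source address but arrives on the outside NIC is forged.
    echo "add 200 deny ip from ${lan_net} to any in via ${ext_if}"
    # Everything crossing the outside NIC is handed to natd for translation.
    echo "add 300 divert natd ip from any to any via ${ext_if}"
    # DHCP between the PCs and the server running on this box.
    echo "add 400 allow udp from any 68 to any 67 in via ${lan_if}"
    echo "add 410 allow udp from any 67 to any 68 out via ${lan_if}"
    # LAN hosts may send; forwarded and local traffic may return to them.
    echo "add 500 allow ip from ${lan_net} to any in via ${lan_if}"
    echo "add 510 allow ip from any to ${lan_net} out via ${lan_if}"
    # Outbound on the outside NIC has already been translated by rule 300.
    echo "add 600 allow ip from any to any out via ${ext_if}"
    # Inbound on the outside NIC: replies only. Without state tracking the
    # UDP rule trusts the source port, so it is limited to DNS answers.
    echo "add 700 allow tcp from any to any in via ${ext_if} established"
    echo "add 710 allow udp from any 53 to any in via ${ext_if}"
    echo "add 720 allow icmp from any to any in via ${ext_if} icmptypes 0,3,11"
    # Explicit final deny, independent of the kernel's default rule.
    echo "add 65000 deny ip from any to any"
}

# Print the rules when called with three arguments, for example:
#   sh gen_rules.sh fxp0 fxp1 192.168.1.0/24 > /etc/ipfw.rules
if [ "$#" -eq 3 ]; then
    gen_gateway_rules "$@"
fi
```

With the output saved to a file, setting firewall_type to that file's path in place of "OPEN" makes rc.firewall load these rules instead of the allow-everything set.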