From: elazich@AlaskaAir.com
To: roelof@nisser.com
Cc: freebsd-questions@FreeBSD.ORG
Date: Tue, 10 Aug 1999 12:44:56 -0700
Subject: Re: IPFW & NATD
References: <37B07E47.87BA2924@nisser.com>
Organization: Alaska Airlines

Yes, sorry, I meant on the public interface, so that's all there is to it? Just set up a rule for my firewall to divert packets and my internal hosts can access internet hosts? What about DNS, do I/can I set up dual level DNS so my internal hosts can resolve amongst themselves and can also forward requests from the internal DNS server to the one running on the public interface?

Eli

roelof@nisser.com writes:
>elazich@AlaskaAir.com wrote:
>>
>> Sorry if this has been asked and answered and if it has just point me
>> in the right direction. What I want to do is pretty simple, run my
>> FBSD box as a firewall with a static IP address on the external
>> interface on a DSL connection. I also have an internal interface which
>> is on the 10 network along with about 10 machines behind the firewall.
>> As I understand it, I have recompiled a kernel with the appropriate
>> IPFW options (3 of them as I recall) and run natd. The question I have
>> is this, am I right in running natd on my internal interface? And do I
>> simply need an IPFW divert rule directing traffic from natd out or am I
>> completely missing the boat here. Any help is greatly appreciated.
>
>No, you must run natd on the public interface. You should also declare
>a firewall_type, start with open, as well as enable the firewall.
>
>Roelof
>--
>Home is where the (@) http://eboa.com/ is.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
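
An added example, not part of the original thread: a small POSIX sh audit that checks an rc.conf-style file for the settings discussed above (natd bound to the public interface, the firewall enabled, a firewall_type declared). The interface names ed0 (public) and ed1 (internal), the helper names, the sample files and the gateway_enable check (needed so the box forwards packets) are assumptions made for illustration.

```sh
#!/bin/sh
# rc_get FILE VAR: print the last value assigned to VAR in an rc.conf-style file.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_nat_gateway FILE PUBLIC_IF: print one finding per line, return 0 when clean.
audit_nat_gateway() {
    conf=$1; pub=$2; bad=0
    for v in gateway_enable firewall_enable natd_enable; do
        case $(rc_get "$conf" "$v") in
            [Yy][Ee][Ss]) ;;
            *) echo "$v is not set to YES"; bad=1 ;;
        esac
    done
    nif=$(rc_get "$conf" natd_interface)
    if [ "$nif" != "$pub" ]; then
        echo "natd_interface is '$nif', expected public interface '$pub'"; bad=1
    fi
    [ -n "$(rc_get "$conf" firewall_type)" ] || { echo "firewall_type is not declared"; bad=1; }
    return $bad
}

# Constructed samples: "wrong" mirrors the setup asked about, "right" follows the reply.
write_samples() {
    cat > "$1/rc.conf.wrong" <<'EOF'
gateway_enable="YES"
natd_enable="YES"
natd_interface="ed1"     # internal interface
EOF
    cat > "$1/rc.conf.right" <<'EOF'
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"     # starting point only; "open" passes all traffic
natd_enable="YES"
natd_interface="ed0"     # public interface
# matching rule form: ipfw add divert natd all from any to any via ed0
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_nat_gateway "$tmp/rc.conf.wrong" ed0 || echo "rc.conf.wrong: fix the findings above"
audit_nat_gateway "$tmp/rc.conf.right" ed0 && echo "rc.conf.right: ok"
rm -rf "$tmp"
```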