Date: Tue, 4 Jan 2000 13:16:02 -0600 (CST)
From: Gene Harris
To: "James A. Mutter"
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPNAT - One more time - [More Info This Time]

Your pipeline 130 was doing your NAT translation and routing. So the
interface was ethernet on your network side, and ISDN or frame relay on
the WAN side. The NAT translation takes place between interfaces inside
your P130.

For your FreeBSD box to do the same, you need a network card with a
crossover cable to your P130, and a network card to your internal net.
NAT and routing will take place between your two NICs.

What you seem to be doing is trying to run your internal network and
your external network on the same physical network cables. This can be
done, but it can open you to a lot of network traffic, and if you ever
make a configuration error, you can open your internal network to some
nasty things, via an invasion of your P130.

So, my advice is to isolate your internal network from your pipeline
using separate hardware. Even though the P130 is acting as your
firewall, you can do a lot more sophisticated things with your FreeBSD
box for firewall and network protection.

Gene

On Tue, 4 Jan 2000, James A. Mutter wrote:

> > > /etc/rc.conf
> > > gateway_enable="YES"
> > > tcp_extensions="YES"
> > > firewall_enable="NO"
> > > router="routed"
> > > router_flags="-q"
> > > ifconfig_pn0="inet 192.196.1.10 netmask 255.255.255.0"
> > > ifconfig_pn0_alias0="inet 204.107.254.XXX netmask 255.255.255.XXX"
> > > defaultrouter="204.107.254.XXX" <- This is not the address of
> > > 'pn0_alias0' - but rather the address of the router.
> > >
> >
> > I see one BIG issue here. Where's the second NIC?????? You
> > ain't gonna do this unless you have another interface, like
> > ppp or at least a 2nd NIC.
>
> I thought that alias on pn0 would take care of that problem. Traffic
> goes in on pn0:0 (192.196.1.10) and leaves on pn0:1 (204.107.254.XXX) -
> Is this incorrect?
>
> Please let me know.
>
> Thanks,
> Jim
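An added example, not part of the original message or thread: a small Python check over rc.conf text that flags the layout discussed above, where forwarding is enabled while every address sits on one physical NIC. Both sample configurations are constructed; the masked XXX octets are replaced with documentation addresses (203.0.113.0/24), and pn1 is a hypothetical second card.

```python
import re
from collections import defaultdict
from ipaddress import ip_interface

# Constructed sample modelled on the quoted rc.conf (XXX octets replaced).
SINGLE_NIC = '''
gateway_enable="YES"
ifconfig_pn0="inet 192.196.1.10 netmask 255.255.255.0"
ifconfig_pn0_alias0="inet 203.0.113.10 netmask 255.255.255.0"
defaultrouter="203.0.113.1"
'''
# Constructed sample: same addresses split across two cards (pn1 is assumed).
DUAL_NIC = SINGLE_NIC.replace("ifconfig_pn0_alias0", "ifconfig_pn1")

ASSIGN = re.compile(r'^\s*(\w+)="([^"]*)"')
IFCONFIG = re.compile(r'^ifconfig_([a-z]+\d+)(?:_alias\d+)?$')
INET = re.compile(r'\binet\s+(\S+)\s+netmask\s+(\S+)')

def networks_by_nic(rc_text):
    """Return (gateway_enabled, {physical NIC: set of IPv4 networks})."""
    gateway, nets = False, defaultdict(set)
    for line in rc_text.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "gateway_enable":
            gateway = value.upper() == "YES"
        nic, inet = IFCONFIG.match(key), INET.search(value)
        if nic and inet:
            # Aliases are folded into their parent NIC: same cable, same segment.
            nets[nic.group(1)].add(ip_interface("/".join(inet.groups())).network)
    return gateway, dict(nets)

def shared_wire_findings(rc_text):
    """List reasons the box forwards traffic without physical separation."""
    gateway, nets = networks_by_nic(rc_text)
    findings = []
    if not gateway:
        return findings
    if len(nets) < 2:
        findings.append("gateway_enable=YES but only one physical NIC is configured")
    for nic, subnets in sorted(nets.items()):
        if len(subnets) > 1:
            names = ", ".join(sorted(str(n) for n in subnets))
            findings.append(f"{nic} carries {len(subnets)} subnets on one cable: {names}")
    return findings

if __name__ == "__main__":
    for name, text in (("single NIC", SINGLE_NIC), ("dual NIC", DUAL_NIC)):
        print(name, "->", shared_wire_findings(text) or "no findings")
```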