Date: Sun, 30 Jun 2002 18:00:08 -0500 (CDT)
From: Nick Rogness <nick@rogness.net>
To: Corey Snow <corey@snowpoint.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw, nat and routing
Message-ID: <Pine.BSF.4.21.0206301734000.20077-100000@cody.jharris.com>
In-Reply-To: <3D189BDC.28738.2074C888@localhost>

On Tue, 25 Jun 2002, Corey Snow wrote:

> Hi-
>
> I'm currently trying to set up a FreeBSD 4.5-RELEASE box as both a
> router and a NAT system. Basically, it has two NICs, and sits between
> my DMZ and my private LAN. The DMZ is connected to the Internet via a
> FreeBSD-based filtering bridge, which works fine.
>
> The DMZ is where I keep my routable IPs, for things like my webserver
> and mail system. On the backside of my NAT firewall, I use RFC1918
> addresses. The outer interface of the NAT firewall has a routable
> address, obviously.
>
> I can get all this to work just fine. However, there's one more thing
> I'd like to add to this- the ability for the NAT firewall to also do
> simple routing between interfaces for my RFC1918 addresses. See, on
> my DMZ, in addition to my external IP addresses, I have used some
> RFC1918 addresses for various purposes, mostly for local
> administration. These RFC 1918 IPs are all in a single Class C. On
> the inside of the NAT firewall, I have another collection of RFC 1918
> addresses, also in their own Class C.
>
> The internal interface of the NAT firewall has an address that is
> within that Class C, as does every other host on the network. The
> external interface of the NAT firewall has both a public IP and a
> private one. The private one is set as an alias.
>
> I'd like my firewall to route packets from my internal private Class C
> to my DMZ one, or if packets are destined for the Internet, to perform
> NAT and pump them out on the public IP.
>
> I can get this working one way, or the other, but not both at once.
> I'm still experimenting, but any suggestions would be helpful. Thanks
> a bunch.

Could you send a small network map...I'm having difficulty
understanding what you are doing or trying to do.

Also send the output of:

	# netstat -rn
	# ifconfig -a
	# ipfw -a l
	# cat /etc/rc.conf

And please... only send to freebsd-questions. freebsd-ipfw is not
intended for questions like this.

Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message