From: switzel@uni-goettingen.de (Stefan Witzel)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.security.firewalls
Subject: HELP: installing IPFW (FreeBSD 2.1.0)
Date: 31 May 1996 09:07:40 GMT
Organization: Universitaet Goettingen
Message-ID: <4omcss$6fa@gwdu19.gwdg.de>

Up to now we have a separate network with IP addresses say a.b.c.d.
(netmask 255.255.0.0, broadcast a.b.255.255 set on all machines).
I want to connect this net to another using FreeBSD as a packet filter.
I install a FreeBSD machine with 2 interfaces and IPFW enabled.
For testing purposes I set up a test bed:

                   External Hub
                         I
                         I
                         I
                         +------------+
                         I            I
                         I   +------------------------+
                         I   I "External Machine"     I
                         I   I                        I
                         I   I IP address a.b.c.w     I
                         I   I netmask 255.255.0.0    I
                         I   I broadcast a.b.255.255  I
                         I   +------------------------+
                         I
                         I
                         I
+------------------------+------------------------+
I                  Packet Filter                  I
I ed0                    I ed1                    I
I IP address a.b.c.x     I IP address a.b.c.y     I
I netmask 255.255.0.0    I netmask 255.255.0.0    I
I broadcast a.b.255.255  I broadcast a.b.255.255  I
+------------------------+------------------------+
                         I
                   Internal Hub
                         I
                         I
            +------------------------+
            I "Internal Machine"     I
            I                        I
            I IP address a.b.c.z     I
            I netmask 255.255.0.0    I
            I broadcast a.b.255.255  I
            +------------------------+

Testing the configuration with ping I got the following results
(no ipfw rules given):

from       to         result
---------------------------------
a.b.c.w    a.b.c.x    success :-)
a.b.c.w    a.b.c.y    failure :-)
a.c.c.z    a.b.c.x    failure :-)
but:
a.b.c.z    a.b.c.y    failure :-(

Is there anything wrong in my configuration?
Have I to set up a subnet to protect the machines behind the packet filter?

Thanks in advance.

--
Stefan Witzel                     switzel@uni-goettingen.de
Universitaet Goettingen / Stabsstelle DV
-------------------------
Gosslerstrasse 5-7                fon: +49 551 394160
37073 Goettingen                  fax: +49 551 399612
Germany
-------------------------