Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!spool.mu.edu!news.sol.net!newspump.sol.net!uniserve!n2van.istar!van.istar!news-w.ans.net!newsfeeds.ans.net!newsjunkie.ans.net!newsfeeds.ans.net!howland.reston.ans.net!nntp.coast.net!fu-berlin.de!news.dfn.de!news.gwdg.de!news
From: switzel@uni-goettingen.de (Stefan Witzel)
Newsgroups: comp.unix.bsd.freebsd.misc,comp.security.firewalls
Subject: HELP: installing IPFW (FreeBSD 2.1.0)
Date: 31 May 1996 09:07:40 GMT
Organization: Universitaet Goettingen
Lines: 62
Message-ID: <4omcss$6fa@gwdu19.gwdg.de>
NNTP-Posting-Host: dv104.zvw.uni-goettingen.de
Mime-Version: 1.0
Content-Type: Text/Plain; charset=US-ASCII
X-Newsreader: WinVN 0.99.7
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:20397 comp.security.firewalls:2631
Up to now we have a separate network with IP addresses say a.b.c.d.
(netmask 255.255.0.0, broadcast a.b.255.255 set on all machines).
I want to connect this net to another using FreeBSD as a packet
filter. I install a FreeBSD machine with 2 interfaces and IPFW
enabled. For testing purposes I set up a test bed:

         External Hub
        I            I
        I            +------------+
        I            I            I
+------------------------+        I
I   "External Machine"   I        I
I                        I        I
I IP address a.b.c.w     I        I
I netmask 255.255.0.0    I        I
I broadcast a.b.255.255  I        I
+------------------------+        I
                                  I
                                  I
                      +------------------------+------------------------+
                      I                  Packet Filter                  I
                      I ed0                    I ed1                    I
                      I IP address a.b.c.x     I IP address a.b.c.y     I
                      I netmask 255.255.0.0    I netmask 255.255.0.0    I
                      I broadcast a.b.255.255  I broadcast a.b.255.255  I
                      +------------------------+------------------------+
                                                           I
                                                      Internal Hub
                                                           I
                                                           I
                                               +------------------------+
                                               I   "Internal Machine"   I
                                               I                        I
                                               I IP address a.b.c.z     I
                                               I netmask 255.255.0.0    I
                                               I broadcast a.b.255.255  I
                                               +------------------------+

Testing the configuration with ping I got the following results
(no ipfw rules given):

        from       to         result
        ---------------------------------
        a.b.c.w    a.b.c.x    success :-)
        a.b.c.w    a.b.c.y    failure :-)
        a.c.c.z    a.b.c.x    failure :-)
   but: a.b.c.z    a.b.c.y    failure :-(

Is there anything wrong in my configuration? Do I have to set up a
subnet to protect the machines behind the packet filter?
Thanks in advance.
--
Stefan Witzel switzel@uni-goettingen.de
Universitaet Goettingen / Stabsstelle DV -------------------------
Gosslerstrasse 5-7 fon: +49 551 394160
37073 Goettingen fax: +49 551 399612
Germany -------------------------