Return to BSD News archive
#! rnews 2130 bsd Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!uunet!in1.uu.net!144.212.100.12!news.mathworks.com!rill.news.pipex.net!pipex!tank.news.pipex.net!pipex!news.utell.co.uk!shift.utell.net!nobody From: brian@shift.utell.net (Brian Somers) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: firewall... Date: Wed, 2 Jul 1997 16:15:13 +0100 Organization: Awfulhak Ltd. Lines: 44 Message-ID: <1ardp5.43a.ln@shift.utell.net> References: <33B9C45A.6CFD11D5@microa.com> Reply-To: brian@awfulhak.org, brian@utell.co.uk NNTP-Posting-Host: shift.utell.net Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Newsreader: knews 0.9.8 Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:43825 In article <33B9C45A.6CFD11D5@microa.com>, greg baxter <greg@microa.com> writes: > this was posted on the firewall news group. since i'm using > freebsd, thought maybe this may generate some response > from the gurus... > > we want to firewall our local net using freebsd 2.2. > > a little confused, we put two nics in one bsd machine, > each with its own different network (not just diff host). > > the idea is, we need it to: > > hit our inet router, a t1 interface when called to do so > by any local machine. this is on net 'a'. i suppose this > is the only host that will be on net 'a' other than the > nic in the bsd box. right? > > route ip data for us, with appropriate filtering via ipfw. > from net 'b' to net 'a' (net 'a' is the internet side of > things). > > do we need to configure this machine as a 'gateway' as > defined in rc.conf? turn on 'routing' in same rc file? You need gateway=YES and probably don't need any routing stuff. Set your defaultrouter to your t1 router on the FreeBSD box and set the FreeBSD box as the router for all machines on net b. > thanks in advance -- greg > > -- > death, taxes and liberals will always be with us. > death however, does not get worse with time. > > see the micro-a web page at: www.microa.com -- Brian <brian@awfulhak.org> <brian@freebsd.org> <http://www.awfulhak.org> Don't _EVER_ lose your sense of humour !