Re: My FreeBSD Firewall

From: Crist J. Clark (cjclark@reflexnet.net)
Date: 01/30/01


Date: Mon, 29 Jan 2001 22:45:48 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: mharding@marketnews.com

On Mon, Jan 29, 2001 at 09:51:54PM -0500, mharding@marketnews.com wrote:
> Hello. I am building a Firewall and have some questions about how to implement
> it. The basic firewall is a FreeBSD box running squid for transparent proxy,
> IPFW for dummynet to rate limit SYNs, and IPF as my main stateful packet
> filter. The problem I have is with putting this into production. I have a T1
> to the internet, the router's IP address is 172.16.1.1 (well not really but it
> works for the example) and all of the computers on the LAN are in the 172.16.1.0
> (once again..only for the example) network. So here I get to the
> question....is there any way to set the firewall with the same IP address as
> the router to make the install fairly transparent to the users? Could I set
> the firewall up as 172.16.1.1 and use NAT to let it communicate with the router
> for internet traffic? How would I set up my routing tables? Also if anyone
> has any input as far as how I am building my firewall that would be very
> appreciated.

Easy. Put an RFC1918 LAN in between the router and firewall,

                                                            {
 Router:192.168.100.1---192.168.100.2:Firewall:172.16.1.1---{ 172.16.1.0/xx
                                                            {

Just change the internal address of the router and add the route (in
route(8) syntax),

  route add net 172.16.1.0/xx 192.168.100.2

No need for NAT or anything wack like that.

-- 
Crist J. Clark                           cjclark@alum.mit.edu

