Re: Revised: My FreeBSD Firewall

From: Crist J. Clark (cjclark@reflexnet.net)
Date: 01/31/01


Date: Tue, 30 Jan 2001 21:17:53 -0800
From: "Crist J. Clark" <cjclark@reflexnet.net>
To: Mason Harding <mharding@marketnews.com>

On Tue, Jan 30, 2001 at 08:14:23AM -0800, Mason Harding wrote:
> I am now just trying to implement a FreeBSD firewall, say with the IP
> address of 172.16.5.2, with the router being 172.16.5.1, and the network
> being 172.16.5.0/24. How can I handle the routing on this? My routing
> table is basically as such...
>
> Destination Gateway Netif
> default 172.16.5.1 fxp0
> 172.15.5 link#1 fxp1
> 172.16.5.1 0:0:c:80:f:30 fxp0
> 172.15.5.2/32 link#1 fxp0
>
> I can ping 172.16.5.1 with success, but if I try to ping anything past it (on
> the internet) I get no response. I can also ping anything on the LAN. Am I
> going about implementing this firewall correctly? Should I not just be
> adding a static route for 172.16.5.1? Sorry if this made no sense.

You want to do bridging, not routing, if you do this, since you want to
have the same network on both sides of the firewall. However, you are
probably better off changing the IP address of the router and the
external interface of the firewall to RFC1918 numbers and then have
172.16.5.0/24 on the internal network. You can then do routing to
move the traffic.

-- 
Crist J. Clark                           cjclark@alum.mit.edu
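
The distinction drawn in the reply above, as an added example that is not part of the original message: a small Python check that takes a firewall's planned outside and inside interface addresses and reports whether the plan can be routed or needs a bridge. The function name `plan_mode`, the inside address 172.16.5.3 and the 192.168.255.0/30 link between router and firewall are constructed for illustration; the return route it prints for the upstream router assumes the firewall does no NAT.

```python
import ipaddress

def plan_mode(outside, inside, gateway):
    """Classify a two-interface firewall plan.

    outside, inside: 'address/prefix' of the firewall's two interfaces.
    gateway: address of the upstream router.
    Returns a dict with 'mode' (bridge, route or invalid), a 'reason',
    and 'router_route': the (network, next_hop) the upstream router needs
    so replies to the inside network come back through the firewall.
    """
    out_if = ipaddress.ip_interface(outside)
    in_if = ipaddress.ip_interface(inside)
    gw = ipaddress.ip_address(gateway)

    if gw not in out_if.network:
        return {"mode": "invalid", "router_route": None,
                "reason": f"{gw} is not on the outside segment {out_if.network}"}

    # Same (or overlapping) subnet on both interfaces: the kernel cannot pick
    # an interface by destination prefix, so IP routing cannot separate them.
    if out_if.network.overlaps(in_if.network):
        return {"mode": "bridge", "router_route": None,
                "reason": f"{out_if.network} appears on both sides"}

    # Distinct subnets: plain routing works, provided the router knows the
    # inside network is reached via the firewall's outside address.
    return {"mode": "route",
            "router_route": (str(in_if.network), str(out_if.ip)),
            "reason": "inside and outside are separate networks"}

# Constructed plans. SAME_NET mirrors the question (172.16.5.0/24 on both
# sides); RENUMBERED follows the reply (private link outside, 172.16.5.0/24
# inside).
SAME_NET = plan_mode("172.16.5.2/24", "172.16.5.3/24", "172.16.5.1")
RENUMBERED = plan_mode("192.168.255.2/30", "172.16.5.1/24", "192.168.255.1")

if __name__ == "__main__":
    for name, plan in (("same network", SAME_NET), ("renumbered", RENUMBERED)):
        print(f"{name}: {plan['mode']} ({plan['reason']})")
        if plan["router_route"]:
            net, hop = plan["router_route"]
            print(f"  upstream router needs: {net} via {hop}")
```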

