FreeBSD Gateway to replace old Linux gateway

DeepBlackMagic at LootHole.Com
Wed Jul 26 23:11:06 UTC 2006


I was thinking that the interfaces could simply be bridged. Could you do
a traceroute from a workstation to, say, google.com and see if the firewall
appears as a hop? If it's a hop, it's routing, vs. if it's invisible, it's
bridging. That should help guide you in the creation of a replacement.

DBM
-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org [mailto:owner-freebsd-ipfw at freebsd.org]
On Behalf Of elaconta.com Webmaster
Sent: Wednesday, July 26, 2006 2:41 PM
To: freebsd-ipfw at freebsd.org
Subject: FreeBSD Gateway to replace old Linux gateway

Howdy

We have here an old (Mandrake Linux 8 - yeah I know...) PC with two NICs
which serves as a firewall for our LAN and runs a Bind caching nameserver.
Although the machine is getting old, it still works well. Thing is, I'm
having a hard time trying to reproduce it, that is, getting another PC to do
exactly the same thing this PC is doing. It was configured by a guy that
left the company, so I can't simply ask him how he configured it.
It's a precautionary measure: if the machine breaks down we need another one
to go in its place.
So while I'm at it I would love to replace the crusty old thing with a new
one running FreeBSD.
The networking scheme is:

Router (192.168.1.120) <-> (192.168.1.121) Firewall PC (192.168.1.122) <->
(192.168.1.0/24) LAN

Now, thing is, the Linux firewall has two NICs:

NIC 1: 192.168.1.121
NIC 2: 192.168.1.122

The two NICs on the Linux box are configured with 192.168.1.121 and
192.168.1.122, both interfaces on the same subnet. 192.168.1.121 accesses the
company router (192.168.1.120) and 192.168.1.122 accesses the company LAN
(192.168.1.0/24).
From what I've googled, this shouldn't even be possible, everything is
on the same subnet. Regardless, it works great, and if I went and got a
FreeBSD rig to replace the old Linux rig, it would have to retain this
networking scheme; we can't afford to reconfigure the entire network just
for switching our firewall.

I know we could use a network bridge, but we need the caching nameserver
functionality.

I'm an all-round Unix guy, but I'm a bit green on the routing department.

Can a FreeBSD box be configured the same way the Linux box is so it can be
a drop-in replacement for the Linux box? I can of course depict in further
detail the configuration of the Linux box (netstat -r to show the routes,
ifconfig or whatever).

I've already prepped a FreeBSD 6.1 box which already works if the NICs in
the gateway are in different subnets (dc0 is 192.168.1.125 and dc1 is
192.168.0.5, for instance). I've changed a PC in the network to the
192.168.0.20 IP (instead of 192.168.1.20) and it connected without a problem
to the Internet, but we have lots of appliances which depend on the
192.168.1.0 style network. We would need the two NICs in the box to be in
the same subnet...

-----------------------------
Elaconta.com Webmaster
-----------------------------

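Following DBM's traceroute test, here is an added shell script (not code from the thread) that classifies a trace from a LAN workstation as routing or bridging. It assumes the addresses from the original mail (gateway NICs 192.168.1.121/.122, router 192.168.1.120), and the traceroute output it parses is constructed.

```shell
#!/bin/sh
# Added example: decide whether the gateway between a workstation and the
# upstream router forwards at layer 3 (routing) or is transparent (bridging).
FIREWALL_ADDRS="192.168.1.121 192.168.1.122"   # the gateway's two NICs
ROUTER_ADDR="192.168.1.120"                    # the company router

# Reads traceroute output on stdin and prints one word:
#   routing         a gateway address answered as a hop (layer-3 forwarding)
#   routing-silent  the router is hop 2 or later: something decremented the
#                   TTL in between but did not answer (ICMP filtered), so the
#                   gateway still routes even though it looks "invisible"
#   bridging        the router is hop 1: the gateway is invisible at layer 3
#   unknown         neither address seen; the trace tells us nothing
gateway_mode() {
    awk -v fw="$FIREWALL_ADDRS" -v rt="$ROUTER_ADDR" '
        function has(line, addr) {
            # an address shows up as " a.b.c.d " or "(a.b.c.d)" on a hop line
            return index(line, " " addr " ") || index(line, "(" addr ")")
        }
        BEGIN { n = split(fw, fwaddr, " ") }
        /^ *[0-9]+ / {                      # hop lines begin with the hop number
            for (i = 1; i <= n; i++) if (has($0, fwaddr[i])) fwhop = $1
            if (has($0, rt)) rthop = $1
        }
        END {
            if (fwhop)           print "routing"
            else if (rthop == 1) print "bridging"
            else if (rthop > 1)  print "routing-silent"
            else                 print "unknown"
        }'
}

# Constructed traceroute output (not captured from the poster's network).
TRACE_ROUTING='traceroute to google.com (198.51.100.10), 30 hops max, 40 byte packets
 1  192.168.1.122 (192.168.1.122)  0.412 ms  0.377 ms  0.360 ms
 2  192.168.1.120 (192.168.1.120)  1.204 ms  1.150 ms  1.133 ms
 3  198.51.100.1 (198.51.100.1)  9.871 ms  9.702 ms  9.655 ms'
TRACE_BRIDGING='traceroute to google.com (198.51.100.10), 30 hops max, 40 byte packets
 1  192.168.1.120 (192.168.1.120)  1.198 ms  1.141 ms  1.120 ms
 2  198.51.100.1 (198.51.100.1)  9.902 ms  9.744 ms  9.690 ms'
TRACE_SILENT='traceroute to google.com (198.51.100.10), 30 hops max, 40 byte packets
 1  * * *
 2  192.168.1.120 (192.168.1.120)  1.221 ms  1.160 ms  1.139 ms'

# Against a live trace:  traceroute google.com | gateway_mode
printf '%s\n' "$TRACE_ROUTING"  | gateway_mode   # routing
printf '%s\n' "$TRACE_BRIDGING" | gateway_mode   # bridging
printf '%s\n' "$TRACE_SILENT"   | gateway_mode   # routing-silent
```

The third sample is the caveat to DBM's test: a gateway that routes but drops ICMP time-exceeded shows up as `* * *`, not as absent, so only a router at hop 1 indicates a bridge.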