ipfw/natd/3 nic

Barney Wolff barney at databus.com
Tue Dec 23 08:23:28 PST 2003


On Tue, Dec 23, 2003 at 08:23:00AM -0500, Peter Serwe wrote:
> 
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
> 
> I have one public ip address.
> 
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.  The router shouldn't
> be passing any traffic in between private networks.

I don't think you need(ed) two public addresses to accomplish what
you want.  The ipfw divert rule can have "via <external-nic>" to
apply only to packets to/from the Internet, and you can have deny
rules for packets flowing between your two internal nets.  I don't
see a need to run two natd's here.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
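An rc.firewall-style ruleset that does what Barney describes (one natd on the external NIC, deny rules between the two internal nets), written here as an added example rather than code from the thread. The external interface name fxp0 is an assumption; natd must be started on the same interface (natd -n fxp0).

```shell
#!/bin/sh
# Added example, not from the original thread. One public address, one
# natd, two internal nets that must never talk to each other through
# the router. Assumed: fxp0 is the NIC facing the Internet.
ext_if="fxp0"
priv_net="192.168.1.0/24"   # "private_private"
pub_net="192.168.2.0/24"    # "public_private"

# Set FWCMD=echo to print the rules instead of loading them (dry run).
fwcmd="${FWCMD:-/sbin/ipfw -q}"

load_rules() {
    ${fwcmd} -f flush
    ${fwcmd} add 100 allow ip from any to any via lo0
    # Drop inter-net traffic in both directions before it reaches natd.
    ${fwcmd} add 200 deny ip from ${priv_net} to ${pub_net}
    ${fwcmd} add 210 deny ip from ${pub_net} to ${priv_net}
    # Only packets crossing the external NIC are handed to natd, so
    # internal-to-internal traffic never touches the divert socket.
    ${fwcmd} add 300 divert natd ip from any to any via ${ext_if}
    # Everything else (each internal net to/from the Internet) is allowed.
    ${fwcmd} add 400 allow ip from any to any
}

# Usage: sh rc.firewall.sh apply   (FWCMD=echo ... apply for a dry run)
if [ "${1:-}" = "apply" ]; then
    load_rules
fi
```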