Gateway Setup

Subhro subhro at mailblocks.com
Sun Aug 1 01:57:55 PDT 2004 

Greetings,

I am facing a problem in setting up my gateway so I am asking for help.
Let me describe me my setup.

My ISP gateway is *.*.144.49. I am assigned a few static IPS.

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway. I have currently
laid out my network as:


------------				--------------
-------------
|           |				|		  |
|		  |
|    ISP    |*.*.144.49			| FreeBSD Box |*.*.147.229
|   Linux	  |
|  GATEWAY  |-----------------------|		  |-----------------------|
NAT    |
|           |		  *.*.144.54|		  |
*.*.147.230|		  |
-------------				---------------
-------------
	
| 172.16.0.1
	
|
	
|
	
|
	
|172.16.0.200
	
--------------
	
|		    |
	
|	 LAN	    |
	
|  	 Host	    |
	
|		    |
	
|		    |
	
---------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118  netmask 255.255.255.252"
ifconfig_sis0="inet  61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"               # replaces obsolete kernel option
ARP_PROXYALL.
firewall_script="/etc/rc.firewall" # Which script to run to set up the
firewall
ip_portrange_first="10000"         # Set first dynamically allocated port
ip_portrange_last="20000"          # Set last dynamically allocated port
tcp_drop_synfin="YES"            # Set to YES to drop TCP packets with
SYN+FIN
icmp_drop_redirect="YES"         # Set to YES to ignore ICMP REDIRECT
packets

I have still not configured the firewall. I would be highly obliged if
anyone helps me by telling what are the things I am missing out? Another
point to be taken care of is, a couple of systems inside the LAN are having
a public IP. For example one of the host is having an IP of *.*.144.82. I am
not allowed to mess with the Linux NAT box in any way because of some
preinstalled commercial software solutions. However I can change the IPs of
the NAT box if necessary. Please help me out.

Thanks and Best Regards

Subhro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3814 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040801/04ca7748/smime.bin

More information about the freebsd-questions mailing list