Bridge + Natd + IPFW + Dummynet puzzles...
Peter K
bobbilly5 at yahoo.com
Wed Mar 26 18:42:47 PST 2003
Hello,

I have a t1 with 16 IPs, which I need to share
around this office. Some of those real/routable IPs
I want to assign internally in the office, while at
the same time I want them to be behind my FreeBSD
firewall/dummynet pc.

                  t1Router
               209.150.x.145
                     |
                     |
       209.150.x.146 255.255.255.240
FreeBSD bridge/ipfw/dummynet/natd [two nics]
         192.168.0.1 255.255.255.0
                     |
                     |
Server-209.150.214.147,   Server 209.150.x.148
Workstation 192.168.0.x   WorkStation 192.168.0.x

So far my bridge and natd work fine, except those
internal machines with 209.150 address space can't see
each other [they won't ping any other 209.150.x.x],
but I can ping them from the outside and they can ping
outside. The t1 router is directly connected into the
FreeBSD machine. The handbook says I need to have
DEFAULT_TO_ACCEPT in my kernel for ipfw, right now I
just have firewall_type="open", and
net.link.ether.bridge_ipfw: 0, that works but when I
set that thing to 1 traffic dies randomly... so is
that kernel option necessary?

I think this setup is whacked and I'm just getting
lucky that someone can actually see those machines
from the outside, I just need advice on how this
should be done / Is this a good way to do it? or is it
possible to do it this way?

Basically I want to have some machines with public IP
inside my network behind a firewall/dummynet
[subnetting too much headache for a network of 16
IPs], and other machines with private address space
inside behind my firewall/dummynet thru natd.

Peter