Bridge + Natd + IPFW + Dummynet puzzles...

Peter K bobbilly5 at
Wed Mar 26 18:42:47 PST 2003

    I have a t1 with 16 ip's, which I need to share
around this office.  Some of those real/routable IP's
I want to assign internally in the office, while at
the same time I want them to be behind my FreeBSD
firewall/dummynet pc.

    FreeBSD bridge/ipfw/dummynet/natd [two nics]
       Server-, Server 209.150.x.148
Workstation 192.168.0.x WorkStation 192.168.0.x

So far my bridge and natd work fine, except those
internal machines with 209.150 address space can't see
each other [they won't ping any other 209.150.x.x],
but I can ping them from the outside and they can ping
outside. The t1 router is directly connected into the
FreeBSD machine.  The handbook says I need to have
DEFAULT_TO_ACCEPT in my kernel for ipfw, right now I
just have firewall_type="open", and 0, that works but when I
set that thing to 1 traffic dies. Is that kernel option
necessary?

   I think this setup is whacked and I'm just getting
lucky that someone can actually see those machines
from the outside, I just need advice on how this
should be done / Is this a good way to do it? or is it
possible to do it this way?

Basically I want to have some machines with public IP
inside my network behind a firewall/dummynet
[subnetting too much headache for a network of 16
ip's], and other machines with private address space
inside behind my firewall/dummynet thru natd.



More information about the freebsd-questions mailing list