route between LAN, DMZ and INET

Jason Lavigne jlavigne at bwlogic.com
Tue Oct 14 13:49:21 PDT 2003


Hello all,
 
Below you will find my ifconfig output and my /etc/rc.conf file.
 
I would like to set up a firewall/router that will route between my
private LAN, my DMZ and the Internet. Currently I have the following:
 
I installed FreeBSD 5.1
Installed 3 NICs
dc0 (LAN, 192.168.1.111), connected to a 24 port 3Com hub
dc1 (DMZ, 216.138.226.22), connected to a 12 port IBM switch
xl0 (INET, 216.138.224.10), connected to Alcatel DSL modem
 
I have a /28 IP block (216.138.226.16/28) and my default gateway is
216.138.224.9.
 
I turned on routed using /stand/sysinstall after the installation.
 
I have been able to ping addresses from all 3 interfaces and I have been
able to ping to dc0 and dc1 from computers on those networks.
 
Currently I cannot use 192.168.1.111 as my gateway on any computers on
the private LAN to get to the Internet; I can ping it, but that is as far
as I can go.
 
What I would like is someone to guide me in the right direction as to
what I need to be doing here. Do I need natd? Do I need to make kernel
config changes? Is gated a better option over routed? Any guidance of
any kind you can provide would be greatly appreciated. The next step
after this is to add ipfw and maybe ipsec.
 
Thanks all for allowing me to ask this newbie question.
 
cheers
 
Jay
 
here is my ifconfig
 
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.1.111 netmask 0xffffff00 broadcast 192.168.1.255
        inet6 fe80::203:6dff:fe00:9bd%dc0 prefixlen 64 scopeid 0x1
        ether 00:03:6d:00:09:bd
        media: Ethernet autoselect (100baseTX)
        status: active
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 216.138.226.22 netmask 0xfffffff0 broadcast 216.138.226.31
        inet6 fe80::280:c6ff:feea:7af1%dc1 prefixlen 64 scopeid 0x2
        ether 00:80:c6:ea:7a:f1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=3<RXCSUM,TXCSUM>
        inet 216.138.224.10 netmask 0xfffffffc broadcast 216.138.224.11
        inet6 fe80::250:daff:fe1b:90c3%xl0 prefixlen 64 scopeid 0x3
        ether 00:50:da:1b:90:c3
        media: Ethernet autoselect (10baseT/UTP)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
 
here is my /etc/rc.conf
 
gateway_enable="YES"
hostname="fw.bwlogic.com"
# LAN
ifconfig_dc0="inet 192.168.1.111 netmask 255.255.255.0"
# DMZ
ifconfig_dc1="inet 216.138.226.22 netmask 255.255.255.240"
# INET
ifconfig_xl0="inet 216.138.224.10 netmask 255.255.255.252"
kern_securelevel_enable="NO"
sendmail_enable="YES"
sshd_enable="YES"
usbd_enable="YES"
# routed settings
router_flags="-q"
router="/sbin/routed"
router_enable="YES"
 
 


