ipfw routing

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Mon Oct 20 05:48:48 PDT 2003


Petre Bandac <g38 at rdsbv.ro> writes:

> I have to use a freebsd machine as a gateway router; I did manage to make natd
> work, but now I also have a subnet routed to the machine

That sounds fine.  How you handle it will depend on whether you want
outside hosts to be able to initiate connections into that subnet or
not.  If not, it's easy:  you just need '-unregistered_only'.

If you do want full access into those machines, I don't see why
just setting up a route on the gateway machine shouldn't be enough to
just do it on a machine already configured for IP forwarding.  Of
course, you'll need to let the packets through the firewall.

> I'm looking for the ipfw command similar to iptables'
> -A FORWARD -d $subnet/$mask -j ACCEPT

Sorry, I don't use iptables, so that doesn't mean anything to me.

I can guess that it's going to just let in all packets destined for
subnet/mask, but surely you want to do *some* firewalling...

> Also, what's the difference between ipfw add pass and ipfw add forward?

The former accepts a packet for processing by the IP stack, while the
latter bypasses the forwarding portions of the stack.
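
An added example, not part of the original post or of either poster's configuration: a small sh script that prints ipfw rules letting a routed public subnet through a natd gateway while still filtering what outside hosts can initiate. The interface name fxp0, the subnet 192.0.2.16/28, the open ports and the rule numbers are all assumptions; natd is assumed to run with '-unregistered_only' so it leaves the routed subnet's addresses untranslated.

```shell
#!/bin/sh
# Constructed values: interface, subnet, ports and rule numbers are assumptions.
# Assumed natd invocation: natd -interface fxp0 -unregistered_only
EXT_IF="${EXT_IF:-fxp0}"                   # outside interface
ROUTED_NET="${ROUTED_NET:-192.0.2.16/28}"  # subnet routed to this gateway
IN_TCP_PORTS="${IN_TCP_PORTS:-22,80}"      # services outsiders may reach

# Accept only plain a.b.c.d/len text, so nothing unexpected ends up
# inside a generated ipfw command line.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*|"") return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the rules for the routed subnet only; rules for the gateway's
# other traffic (including the NATed hosts) are left out.
gen_rules() {
    valid_cidr "$ROUTED_NET" || { echo "bad ROUTED_NET: $ROUTED_NET" >&2; return 1; }
    cat <<EOF
ipfw add 50 deny log ip from ${ROUTED_NET} to any in via ${EXT_IF}
ipfw add 100 divert natd ip from any to any via ${EXT_IF}
ipfw add 200 check-state
ipfw add 300 allow ip from ${ROUTED_NET} to any keep-state
ipfw add 400 allow tcp from any to ${ROUTED_NET} ${IN_TCP_PORTS} in via ${EXT_IF} setup keep-state
ipfw add 500 allow icmp from any to ${ROUTED_NET} icmptypes 3,11
ipfw add 600 deny log ip from any to ${ROUTED_NET} in via ${EXT_IF}
EOF
}

# "sh thisfile apply" loads the rules (root, on the gateway);
# any other invocation only prints them for review.
if [ "${1:-}" = "apply" ]; then gen_rules | sh; else gen_rules; fi
```

Rule 50 drops packets arriving from outside that claim a source inside the routed subnet, and rule 600 is the default deny for anything from outside that rules 200-500 did not accept.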

