ipfw routing

[Petre Bandac]

On Monday 20 October 2003 15:48 Anno Domini, Lowell Gilbert wrote using one of 
his keyboards:
> Petre Bandac <g38 at rdsbv.ro> writes:
> > I have to use a freebsd machine as a gateway router; I did manage to make
> > natd work, but now I have also a subnet routed to the machine
>
> That sounds fine.  How you handle it will depend on whether you want
> outside hosts to be able to initiate connections into that subnet or
> not.  If not, it's easy:  you just need '-unregistered_only'.
>
> If you do want full access into those machines, I don't see why
> just setting up a route on the gateway machine shouldn't be enough to
> just do it on a machine already configured for IP forwarding.  Of
> course, you'll need to let the packets through the firewall.

all I did was 
ipfw add pass all from any to $subnet 
ipfw add pass all from $subnet to any

and it works

my problem was that I googled around and didn't find the answer to my problem, 
so I had to figure it out myself

if you are familiar with freebsd routers/gateways, I would welcome any hints/
advices/howtoes/links/etc

what I want is to get the LAN behind rl1 to the internet (connected via rl0) 
with routable (i.e. public) IP addresses

> > I'm looking for the ipfw command similar to iptables' -A FORWARD -d
> > $subnet/ $mask -j ACCEPT
>
> Sorry, I don't use iptables, so that doesn't mean anything to me.

I am new to freebsd (and slowly moving to the intermediate level), but I have 
a few years of linux experience behind, that's why I tried a comparison 
between the 2 

> I can guess that it's going to just let in all packets destined for
> subnet/mask, but surely you want to do *some* firewalling...

yes, I surely do

> > also, what's the difference between ipfw add pass and ipfw add forward ?
>
> The former accepts a packet for processing by the IP stack, while the
> latter bypasses the forwarding portions of the stack.

got it

thanks,

petre

-- 
 3:56PM  up 8 days,  4:01, 4 users, load averages: 0.94, 0.47, 0.26