ipfw/natd/3 nic
Darcy Buskermolen
darcy at wavefire.com
Tue Dec 23 08:54:14 PST 2003
On December 23, 2003 05:23 am, Peter Serwe wrote:
> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it..
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.
Why not just add some simple firewall rules such as:
ipfw add deny ip from private_private to public_private
ipfw add deny ip from public_private to private_private
before you do your divert rule?
--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com
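The ordering Darcy describes, written out as a complete ruleset script, is shown below as an added example; it is not part of the list post and not FreeBSD's own rc.firewall. It assumes three interfaces named fxp0 (public), fxp1 (private_private, 192.168.1.0/24) and fxp2 (public_private, 192.168.2.0/24); only the two network ranges come from the thread. The inter-LAN deny rules carry the `in via <interface>` qualifier so they only match forwarded packets arriving from a LAN, which leaves the router's own locally generated traffic to both networks untouched, and they are numbered below the `divert natd` rule so nothing between the two LANs ever reaches the NAT step. Anti-spoofing rules on each interface are added in the same spirit. By default the script only prints the rules (dry run, via `echo`); on the gateway, run it with `FWCMD=/sbin/ipfw`.

```shell
#!/bin/sh
# Added example, not from the original post: ordered ipfw ruleset for a
# 3-NIC natd gateway. Interface names are assumptions; the two private
# ranges are the ones named in the thread. Dry run unless FWCMD is set.

FWCMD="${FWCMD:-echo}"        # set FWCMD=/sbin/ipfw on the FreeBSD gateway
OIF="${OIF:-fxp0}"            # public interface, holds the single public IP (assumed)
IIF1="${IIF1:-fxp1}"          # private_private LAN interface (assumed)
IIF2="${IIF2:-fxp2}"          # public_private LAN interface (assumed)
NET1="192.168.1.0/24"         # private_private (from the post)
NET2="192.168.2.0/24"         # public_private (from the post)

build_rules() {
    $FWCMD -f flush
    $FWCMD add 100 allow ip from any to any via lo0

    # Inter-LAN traffic is dropped as it arrives from either LAN, before any
    # divert/allow rule can see it. "in via" restricts this to forwarded
    # packets, so the router itself can still reach both networks.
    $FWCMD add 200 deny ip from $NET1 to $NET2 in via $IIF1
    $FWCMD add 201 deny ip from $NET2 to $NET1 in via $IIF2

    # Anti-spoofing: each LAN interface only accepts its own source range,
    # and the public interface never accepts packets claiming a LAN source.
    $FWCMD add 300 deny ip from not $NET1 to any in via $IIF1
    $FWCMD add 301 deny ip from not $NET2 to any in via $IIF2
    $FWCMD add 302 deny ip from $NET1 to any in via $OIF
    $FWCMD add 303 deny ip from $NET2 to any in via $OIF

    # NAT happens only on the public interface; by the time a packet gets
    # here the inter-LAN and spoofed cases have already been denied.
    $FWCMD add 400 divert natd ip from any to any via $OIF

    # Both LANs may surf; tighten this final rule to taste.
    $FWCMD add 500 allow ip from any to any
}

# Dry-run check: every inter-LAN deny rule must carry a lower rule number
# than the divert rule, otherwise the advice in the post does not hold.
# Returns 0 when the ordering is correct.
rules_ordered() {
    ( FWCMD=echo; build_rules ) | awk '
        /deny ip from 192\.168\.[12]\.0\/24 to 192\.168\.[12]\.0\/24/ {
            if (d == 0 || $2 > d) d = $2
        }
        /divert natd/ { n = $2 }
        END { exit !(d > 0 && n > 0 && d < n) }'
}

build_rules
```

Because the deny rules match on the ingress interface, a host on 192.168.1.0/24 cannot reach 192.168.2.0/24 even if it spoofs a source address from the other range (rules 300/301 drop that case), and an Internet host cannot inject packets with a LAN source through the public interface (rules 302/303).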