Re: ipfw/natd/3 nic

• Previous message: Barney Wolff: "Re: ipfw/natd/3 nic"
• In reply to: Peter Serwe: "ipfw/natd/3 nic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: Peter Serwe <peter@easytree.net>, freebsd-net@freebsd.org
Date: Tue, 23 Dec 2003 08:54:14 -0800

On December 23, 2003 05:23 am, Peter Serwe wrote:
> Okay,
>
> Basically, since FreeBSD is (in my mind anyway)
> the ultimate leatherman of the OS world, and God's
> own gift to networking and network services in general
> I decided to try to do a 3 nic ipfw/natd setup.
>
> I've done 2 nic ipfw/natd a couple of times, straight
> ipfw public-->public ipfw a couple of times, I'm fairly
> comfortable with it..
>
> After searching around, I found a message from
> Gilson (de?)Paiva referencing some stuff Barney Wolff
> told him that basically straightened it out.
>
> Here's what I'm trying to accomplish:
>
> I have 2 internal networks that I'll term
> private_private (192.168.1.0/24)
> and public_private (192.168.2.0/24).
>
> The total number of clients between both
> networks probably could never exceed 100,
> and probably won't ever exceed 50.
>
> I have one public ip address.
>
> I need both networks to be able to surf,
> but I _never_ want ANY traffic to be able
> to go in between except from someone having
> direct access to the router.

Why not just add soem simple firewall rules such as:

ipfw add deny ip from private_private to public_private
ipfw add deny ip from public_private to private_private

before you do your divert rule ?

-- 
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx:  250.763.1759
http://www.wavefire.com
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Barney Wolff: "Re: ipfw/natd/3 nic"
• In reply to: Peter Serwe: "ipfw/natd/3 nic"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [SLE] Help hosts.deny ... For non-public services I would personally go for deny all, ... individual services and/or networks. ... For public services, I wouldn't ... (SuSE) RE: [fw-wiz] RE: Why blocking bogons buys you nothing (Mikael Ols son) ... Your list list is blocking a lot of populated legitimate networks. ... deny ip 148.208.0.0 0.15.255.255 any ... deny tcp any any eq 22 ... (Firewall-Wizards) Re: [fw-wiz] RE: Why blocking bogons buys you nothing (Mikael Olsson) ... Your list list is blocking a lot of populated legitimate networks. ... deny ip 148.208.0.0 0.15.255.255 any ... deny tcp any any eq 22 ... (Firewall-Wizards) Re: [SLE] Help hosts.deny ... For non-public services I would personally go for deny all, ... individual services and/or networks. ... (SuSE) Re: RELENG_5 kernel b0rken with IPFIREWALL and without PFIL_HOOKS ... Checking firewall rules is a Good Thing. ... >to kldload ipfw, which will fail if ipfw is compiled into the kernel, ... 00200 deny ip from any to 127.0.0.0/8 ... Or am I missing your point? ... (freebsd-current)