Greetings,

I am facing a problem in setting up my gateway so I am asking for help.
Let me describe me my setup.

My ISP gateway is *.*.144.49. I am assigned a few static IPS.

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway. I have currently
laid out my network as:


------------                            --------------
-------------
|           |                           |                 |
|                 |
|    ISP    |*.*.144.49                 | FreeBSD Box |*.*.147.229
|   Linux         |
|  GATEWAY  |-----------------------|             |-----------------------|
NAT    |
|           |             *.*.144.54|             |
*.*.147.230|              |
-------------                           ---------------
-------------
        
| 172.16.0.1
        
|
        
|
        
|
        
|172.16.0.200
        
--------------
        
|                   |
        
|        LAN        |
        
|        Host       |
        
|                   |
        
|                   |
        
---------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118  netmask 255.255.255.252"
ifconfig_sis0="inet  61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"               # replaces obsolete kernel option
ARP_PROXYALL.
firewall_script="/etc/rc.firewall" # Which script to run to set up the
firewall
ip_portrange_first="10000"         # Set first dynamically allocated port
ip_portrange_last="20000"          # Set last dynamically allocated port
tcp_drop_synfin="YES"            # Set to YES to drop TCP packets with
SYN+FIN
icmp_drop_redirect="YES"         # Set to YES to ignore ICMP REDIRECT
packets

I have still not configured the firewall. I would be highly obliged if
anyone helps me by telling what are the things I am missing out? Another
point to be taken care of is, a couple of systems inside the LAN are having
a public IP. For example one of the host is having an IP of *.*.144.82. I am
not allowed to mess with the Linux NAT box in any way because of some
preinstalled commercial software solutions. However I can change the IPs of
the NAT box if necessary. Please help me out.

Thanks and Best Regards

Subhro

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to