-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Subhro
Sent: Sunday, August 01, 2004 14:28
To: [EMAIL PROTECTED]
Subject: Gateway Setup

Greetings,

I am facing a problem in setting up my gateway so I am asking for help. Let me describe my setup.

My ISP gateway is *.*.144.49. I am assigned a few static IPs:

*.*.144.54
*.*.147.229
*.*.147.230

I would like to set up a FreeBSD packet filtering gateway. I have currently laid out my network as:

 ------------                         --------------                         -------------
|            |                       |              |                       |             |
|    ISP     |*.*.144.49             | FreeBSD Box  |*.*.147.229            |    Linux    |
|  GATEWAY   |-----------------------|              |-----------------------|     NAT     |
|            |             *.*.144.54|              |            *.*.147.230|             |
 ------------                         --------------                         -------------
                                                                                   | 172.16.0.1
                                                                                   |
                                                                                   |
                                                                                   | 172.16.0.200
                                                                             -------------
                                                                            |             |
                                                                            |     LAN     |
                                                                            |    Host     |
                                                                            |             |
                                                                             -------------

My rc.conf looks like:

ifconfig_fxp0="inet 61.95.147.118 netmask 255.255.255.252"
ifconfig_sis0="inet 61.95.147.229 netmask 255.255.255.252"
ifconfig_sis0_alias0="inet 172.16.0.2 netmask 255.255.0.0"
gateway_enable="YES"
routed_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
arpproxy_all="YES"                     # replaces obsolete kernel option ARP_PROXYALL.
firewall_script="/etc/rc.firewall"     # Which script to run to set up the firewall
ip_portrange_first="10000"             # Set first dynamically allocated port
ip_portrange_last="20000"              # Set last dynamically allocated port
tcp_drop_synfin="YES"                  # Set to YES to drop TCP packets with SYN+FIN
icmp_drop_redirect="YES"               # Set to YES to ignore ICMP REDIRECT packets

I have still not configured the firewall. I would be highly obliged if anyone helps me by telling me what are the things I am missing out.

Another point to be taken care of is, a couple of systems inside the LAN are having a public IP. For example, one of the hosts is having an IP of *.*.144.82. I am not allowed to mess with the Linux NAT box in any way because of some preinstalled commercial software solutions. However, I can change the IPs of the NAT box if necessary.

Please help me out.

Thanks and Best Regards
Subhro

Sorry, the figure got messed up.

Actually, what I meant is:

The ISP gateway is *.*.144.49.

The FreeBSD router is supposed to have two interfaces. One has the IP *.*.144.54, which is in the next hop of ISP gateway. The other interface is *.*.147.229. This interface is supposed to have the packets filtered from *.54. The interface is connected to a Linux NAT box having one interface, *.*.147.230, and another interface connected to the LAN, 172.16.0.1. I am not allowed to play with the NAT box.

Another point to be taken care of is, the LAN contains a couple of hosts which are assigned a public IP statically.

Could anyone help me set up the above network please?