On Thu, Jul 08, 2004 at 05:10:28PM +0200, Terrence Koeman wrote:
> Hi,
>
> I have been busy setting up a network the last 3 days, but I cannot get it
> working.
>
> Basically I have no clue what has to be setup etc. and if I need bridging or
> not.
>
> The situation is as follows:
>
>                         --------------
>                         | SDSL Modem |
>                         |  Bridged   |
>                         --------------
>                               |
>                   --------------------------
>                   | xl0: 217.1.1.155       |
>                   |                        |
>                   |      Freebsd Box       |
>                   |                        |
>                   | xl1                    |
>                   --------------------------
>                               |
>                           ----------
>           |---------------| SWITCH |---------------|
>           |               ----------               |
>           |                   |                    |
> -------------------   -------------------   -------------------
> | C1: 217.1.1.156 |   | C2: 217.1.1.157 |   | C3: 217.1.1.158 |
> -------------------   -------------------   -------------------
>
>
> The FreeBSD box has full internet connectivity and I can also get NAT
> working, but the thing is that I need those non-private IP's bound to the
> clients and I need ipfw between the clients and the modem. Also I need the
> FreeBSD machine to have a non-private IP address. I have no clue as to
> getting the packets from those clients to the internet. I tried bridging xl0
> and xl1 and using 217.1.1.155 as gateway, but that didn't work.
>
> Maybe someone that knows how to do something like this can shed some light
> on it for me?
>
> Thanks in advance.
>
> --
> Regards,
> Terrence Koeman

You could make the FreeBSD box a bridge and still use IPFW. It really depends
on whether you will have other clients that will NOT have public IP addresses
that will need NAT - you don't specify whether this is the case.

For FreeBSD to be set up as a bridge/IPFW machine you will minimally need a
kernel compiled with the following options:

    options IPFIREWALL
    options BRIDGE

After you have built and installed this kernel, add the following entries to
/etc/sysctl.conf:

    net.link.ether.bridge=1
    net.link.ether.bridge_cfg=xl0,xl1
    net.link.ether.bridge_ipfw=1
    net.inet.ip.fw.enable=0

You will probably want to add the following lines to /etc/rc.conf so that
some IPFW rules will be loaded at boot:

    firewall_enable="YES"
    firewall_type="<your fw type>"

Read the firewall(7) manpage for more information.

If you don't have console access to the FreeBSD machine, beware that the
default rule is to deny packets. Therefore, if you build IPFW into the kernel
and don't allow for some basic rules to be added at boot, you will likely be
locked out from anything but console access.

Nathan

--
PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=get&search=0xD8527E49
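
A pre-reboot check for the lockout case described in the reply above, as an added example that is not part of the original message or of FreeBSD itself. The names get_value, check_bridge_fw and demo and the return codes are this example's own; the expected values are the ones listed in the reply.

```shell
#!/bin/sh
# Added example: checks the bridge + IPFW settings from the reply before a reboot.

# get_value FILE KEY: print the last uncommented value assigned to KEY.
get_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# check_bridge_fw SYSCTL_CONF RC_CONF: 0 = matches reply, 1 = sysctl differs, 2 = lockout risk.
check_bridge_fw() {
    status=0
    # Values the reply lists for /etc/sysctl.conf (xl0,xl1 are the poster's NICs).
    for want in net.link.ether.bridge=1 net.link.ether.bridge_cfg=xl0,xl1 \
                net.link.ether.bridge_ipfw=1 net.inet.ip.fw.enable=0; do
        key=${want%%=*}; val=${want#*=}
        have=$(get_value "$1" "$key")
        if [ "$have" != "$val" ]; then
            echo "sysctl.conf: $key is '${have:-unset}', reply uses '$val'"
            status=1
        fi
    done
    # The default rule denies everything, so rules must load at boot.
    case $(get_value "$2" firewall_enable) in
        [Yy][Ee][Ss]) ;;
        *) echo "rc.conf: firewall_enable is not YES, no rules load at boot"
           status=2 ;;
    esac
    fw_type=$(get_value "$2" firewall_type)
    if [ -z "$fw_type" ] || [ "$fw_type" = "<your fw type>" ]; then
        echo "rc.conf: firewall_type is unset or still the placeholder"
        status=2
    fi
    return "$status"
}

# demo: constructed sample files; sysctl.conf is right, rc.conf keeps the placeholder.
demo() {
    d=$(mktemp -d) || return 3
    printf '%s\n' net.link.ether.bridge=1 net.link.ether.bridge_cfg=xl0,xl1 \
        net.link.ether.bridge_ipfw=1 net.inet.ip.fw.enable=0 > "$d/sysctl.conf"
    printf '%s\n' 'firewall_enable="YES"' 'firewall_type="<your fw type>"' > "$d/rc.conf"
    rc=0; check_bridge_fw "$d/sysctl.conf" "$d/rc.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_bridge_fw "$1" "$2"; fi
```

Run it as `sh check.sh /etc/sysctl.conf /etc/rc.conf`; a return code of 2 is the condition to fix before rebooting a machine that has no console access.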