Subject: Re: Strange Routing Situation
To: R. C. Dowdeswell <nmanisca@vt.edu>
From: nm <nmanisca@vt.edu>
List: current-users
Date: 08/24/1998 16:22:53
At 12:34 PM 8/24/98 -0700, R. C. Dowdeswell wrote:
>
>On 903981788 seconds since the Beginning of the UNIX epoch
>nm wrote:
>>
>>Hello All,
>>
>>I am a college student living on campus.  In each dorm room there is an
>>ethernet port on the wall.  I would like to set up a FreeBSD box and a
>>Windows box behind a NetBSD firewall in my room, but I am not so sure that
>>it can be done.
>
>I believe that it can.

cool

>>Here is some background info:
>>	q.r.s is the class c for the floor
>>	q.r.s.1 is the gateway to the inet for the floor
>>
>>	q.r.s.27
>>	q.r.s.28
>>	q.r.s.201	these are the ip's that have been allocated to me.
>>	q.r.s.202
>>
>>I have no control of the configuration of the campus router (q.r.s.1)
>>
>>I have two DEC ethernet cards in my Alpha (de0 and de1)
>>
>>
>>|
>>|				
>>|---------[NetBSD]-------<hub>-----[windows and freebsd]
>>|
>>
>>The address of the NIC in the NetBSD box that is on the campus network
>>is q.r.s.202 (de1)  the one on the side of the internal network is
>>q.r.s.201 (de0)
>>
>>After I have ifconfig'd the card I need to use route to set the static
>>routes, right?
>>And after that I would prolly need to do some messing with the arp cache
>>via arp, right?
>>
>>Well, I would think that after I have the proper routes set up I could
>>ping a host on the campus network from the NetBSD box and I could also
>>ping a host on my internal network from the NetBSD box, right?
>
>Basically, it looks like both of the interfaces are on the same
>subnet. You might try `route -n show' to see which interface the
>packets want to go out.  Most routing decisions are based on nets
>and netmasks, and since you have two interfaces that are on the
>same net there isn't really the info for which one to send the
>packets out.

Hrm... the routes look okay to me but I could be wrong... I'll check
some more...

>I solved a similar problem using ipf, and setting up rules such
>as:
>
> # ifconfig de0 inet q.r.s.201 netmask 0xffffffff
> # ifconfig de1 inet q.r.s.202 netmask 0xffffff00
> # ipf -Ef -
> pass out on de1 to de0 from any to q.r.s.27
> pass out on de1 to de0 from any to q.r.s.28
>
>(These rules may not be quite right, since I'm taking what I did
>from memory.)
>
>Something like this will allow you to speak to the internal machines.
>If you want to get the firewall going (without access to the router),
>you'll have to set up IPF to do the right thing with routing, and so
>on.  Basically, what you want to do is set up your IPF rules to throw
>all of the packets that need to end up on the internal machines
>to de1 (in this example).  Then all you need to do is to get the firewall
>to respond to arp's for the internal addresses (so that it gets the
>packets.)  Then you have something that works a bit like a switching
>hub.

this sounds good...
I will take one more look at my routes and fool with ipf...

>One note is that if you want to use the routing extensively with IPF,
>I would recommend that you upgrade to current, since there was a bug
>in the code in NetBSD-1.3.1 (not sure about 1.3.2).

Yeah, I will have to do that...

> == Roland
> == http://www.imrryr.org/~elric/

thanks,
Nick
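
The routing ambiguity discussed in this thread, as an added example that is not part of the original messages: a longest-prefix-match lookup over two constructed route tables. Assumptions: 192.0.2.0/24 stands in for q.r.s, the function and table names are hypothetical, and the host routes in the second table are one illustrative way to give the kernel the missing information (the quoted reply used ipf rules instead).

```python
import ipaddress

def lookup(routes, dst):
    """Return the interfaces whose route matches dst with the longest prefix.
    More than one interface back means the table alone cannot decide."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifc) for net, ifc in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return []
    best = max(net.prefixlen for net, _ in matches)
    return sorted({ifc for net, ifc in matches if net.prefixlen == best})

# Constructed table: both NICs carry the floor's /24, as in the question.
SAME_SUBNET = [
    ("192.0.2.0/24", "de0"),
    ("192.0.2.0/24", "de1"),
    ("0.0.0.0/0", "de1"),       # default route via the campus side
]

# Constructed table: de0 narrowed to a host mask (0xffffffff), de1 keeps
# the /24. The /32 entries for .27 and .28 are an assumption of this example.
SPLIT = [
    ("192.0.2.201/32", "de0"),  # de0's connected route covers only itself
    ("192.0.2.27/32", "de0"),   # internal machine
    ("192.0.2.28/32", "de0"),   # internal machine
    ("192.0.2.0/24", "de1"),    # rest of the floor, including the gateway
    ("0.0.0.0/0", "de1"),
]

def report(routes, hosts):
    """Map each destination to the interface(s) the table selects."""
    return {h: lookup(routes, h) for h in hosts}

if __name__ == "__main__":
    hosts = ["192.0.2.27", "192.0.2.1", "198.51.100.9"]
    for name, table in (("same subnet", SAME_SUBNET), ("split", SPLIT)):
        for host, ifcs in report(table, hosts).items():
            state = "ambiguous" if len(ifcs) > 1 else "ok"
            print(f"{name:12} {host:14} -> {','.join(ifcs):8} {state}")
```

Even with the split table, hosts on the campus side only deliver frames for the internal addresses if the firewall answers ARP for them, which is the last step described in the quoted reply.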