At 12:34 AM 8/25/98 +0200, you wrote:
>Wouldn't ipnat do what you want to do ? I.E. from outside,
>just NetBSD box would be wisible; from inside, NetBSD would
>act just like default gateway (i.e. normal router).
>It's easy to do. I have done it for dial-out link, so
>it should be possible for leased line as well. You won't even
>need two IP adresses then.
>
>Jarda

well it would work sort of...
main problem is that i want to be able to have incoming connections
to the window box...

>
>R. C. Dowdeswell wrote:
>> 
>> On 903981788 seconds since the Beginning of the UNIX epoch
>> nm wrote:
>> >
>> >Hello All,
>> >
>> >I am a college student living on campus.  In each dorm room there is an
>> >ethernet port on the wall.  I would like to set up a freebsd box and a 
>> >windows box behind a NetBSD firewall in my room, but I am not so sure that
>> >it can be done.
>> 
>> I believe that it can.
>> 
>> >Here is some background info:
>> >	q.r.s is the class c for the floor
>> >	q.r.s.1 is the gateway to the inet for the floor
>> >
>> >	q.r.s.27
>> >	q.r.s.28
>> >	q.r.s.201	these are the ip's that have been allocated to me.
>> >	q.r.s.202
>> >
>> >I have no control of the configuration of the campus router (q.r.s.1)
>> >
>> >I have two DEC ethernet cards in my Alpha (de0 and de1)
>> >
>> >
>> >|
>> >|				
>> >|---------[NetBSD]-------<hub>-----[windows and freebsd]
>> >|
>> >
>> >The address of the NIC in the NetBSD box that is on the campus network
>> >is q.r.s.202 (de1)  the one on the side of the internal network is
>> >q.r.s.201 (de0)
>> >
>> >After I have ifconfig'd the card I need to use route to set the static
>> >routes right?
>> >and after that I would prolly need to do some messing with the arp cache
>> >via arp right?
>> >
>> >Well I would think that after I have the proper routes set up that I could
>> >ping a host
>> >on the campus network from the netbsd box and i could also ping host on my
>> >internal network
>> >from the netbsd box right?
>> 
>> Basically, it looks like both of the interfaces are on the same
>> subnet. You might try `route -n show' to see which interface the
>> packets want to go out.  Most routing decisions are based on nets
>> and netmasks, and since you have two interfaces that are on the
>> same net there isn't really the info for which one to send the
>> packets out.
>> 
>> I solved a similar problem using ipf, and setting up rules such
>> as:
>> 
>>  # ifconfig de0 inet q.r.s.201 netmask 0xffffffff
>>  # ifconfig de1 inet q.r.s.202 netmask 0xffffff00
>>  # ipf -Ef -
>>  pass out on de1 to de0 from any to q.r.s.27
>>  pass out on de1 to de0 from any to q.r.s.28
>> 
>> (These rules may not be quite right, since I'm taking what I did
>> from memory.)
>> 
>> Something like this will allow you to speak to the internal machines.
>> If you want to get the firewall going (without access to the router),
>> you'll have to set up IPF to do the right thing with routing, and so
>> on.  Basically, what you want to do is set up your IPF rules to throw
>> all of the packets that need to end up on the internal machines
>> to de1 (in this example).  Then all you need to do is to get the firewall
>> to respond to arp's for the internal addresses (so that it gets the
>> packets.)  Then you have something that works a bit like a switching
>> hub.
>> 
>> One note is that if you want to use the routing extensively with IPF,
>> I would recommend that you upgrade to current, since there was a bug
>> in the code in NetBSD-1.3.1 (not sure about 1.3.2).
>> 
>>  == Roland
>>  == http://www.imrryr.org/~elric/
>> 
>
>
>-- 
>Jaromir Dolecek <dolecek@ics.muni.cz>	http://www.ics.muni.cz/~dolecek/
>-------------------------------------------------------------------------
>It is better never to have been born.  But who among us has such luck?
>One in a million, perhaps.
>