Subject: Re: Help in network setup
To: None <arto.huusko@utu.fi>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: netbsd-help
Date: 02/15/2001 22:11:33
On Thu, Feb 15, 2001 at 01:46:34AM +0200, Arto Huusko wrote:
> 
> Hello,
> 
> I am about to put up a firewall machine to my friend, using of course
> NetBSD. I, however, realized that my knowledge of (I figured: likely)
> routing complications may not be quite up to the task. I do have an
> idea that this is a pretty simple case, but better be safe than sorry.
> 
> 
> So here is the deal:
> 
> My friend's local network is connected to 'net via ADSL. All machines will
> have real IP addresses (which I don't know yet, so I'll use the 10
> network as an example here).
> 
> The ADSL is at 10.0.0.1. The firewall has two NICs, addresses
> 10.0.0.2 and 10.0.0.3. The NIC at 10.0.0.2 is connected to ADSL
> and NIC at 10.0.0.3 is connected to the LAN (whose addresses are
> then 10.0.0.x, where x > 3).
> 
> What do I have to do to make traffic go both ways without trouble?
> 
> The LAN will need to have the firewall (10.0.0.2) as default gateway,
> I suppose? And firewall's default gateway should then be 10.0.0.1,
> right?
> 
> But right here I am on thin ice. Is all that enough, is the TCP/IP
> stack smart enough to pass the traffic to correct interface or
> what all do I have to set up. Routing tables... or what.
> 
> 
> I have here at home my own firewall, and behind it two computers
> that don't have real IPs so I use NAT, and all works nice... but
> the above situation somehow felt like a very different world to me.

Well, in the situation here you need an ethernet bridge, not an IP router.
But you could handle this with NAT as well: put all your real addresses
as aliases on the adsl interface of your router. Then use bimap to redirect
these to machines on the local network.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
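
The NAT variant suggested in the reply, as an added example that is not part of the original message: a small sh script that turns a list of "public private" address pairs into NetBSD-style ifconfig alias commands and IPFilter bimap rules, rejecting malformed or duplicate entries. The interface name fxp0 and every address are constructed placeholders.

```shell
#!/bin/sh
# Added example: emit ifconfig aliases and ipnat bimap rules for 1:1 NAT.
# fxp0 and all addresses below are constructed placeholders (assumptions).

# valid_ip ADDR: succeed only for a dotted quad with octets in 0..255.
valid_ip() (
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.                      # body runs in a subshell, so IFS does not leak
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# gen_bimap EXT_IF: read "public private" pairs on stdin, print config lines.
# Returns non-zero on a malformed line or an address used twice.
gen_bimap() {
    ext_if=$1 seen=" " aliases="" rules=""
    while read -r pub priv rest; do
        case "$pub" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -n "$rest" ] || ! valid_ip "$pub" || ! valid_ip "$priv"; then
            echo "bad mapping: $pub $priv $rest" >&2; return 1
        fi
        case "$seen" in *" $pub "*|*" $priv "*)
            echo "duplicate address in: $pub $priv" >&2; return 1 ;;
        esac
        seen="$seen$pub $priv "
        aliases="${aliases}ifconfig $ext_if inet $pub netmask 255.255.255.255 alias
"
        rules="${rules}bimap $ext_if $priv/32 -> $pub/32
"
    done
    printf '# real addresses as aliases on the outside interface\n%s' "$aliases"
    printf '# ipnat.conf: one bidirectional mapping per inside host\n%s' "$rules"
}

# Constructed sample mapping: public address, then inside address.
gen_bimap fxp0 <<'EOF'
# public        private
203.0.113.10    192.168.1.10
203.0.113.11    192.168.1.11
EOF
```

A bimap rule translates every port in both directions, so each inside host remains reachable from outside on its public address unless ipf filter rules on the same interface restrict it.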