Subject: Re: Mac IIci/NetBSD as firewall
To: None <port-mac68k@netbsd.org>
From: Chris Brown <chrsbrwn@mindspring.com>
List: port-mac68k
Date: 03/03/1999 22:10:07

On Wed, Mar 03, 1999 at 04:50:59PM -0800, Paul Sander wrote:
> Hi folks,
> 
> I'm trying to set up a firewall machine.  It's a Mac IIci with two
> NICs (an Asante NuBus Ethernet card, and a "NuBus A Series" Ethernet
> card).
> 
> I've installed NetBSD v1.3, which is functional with a single network
> interface.  I have a telnet server and sendmail functioning correctly,
> and I can use various clients and utilities to access resources outside
> my network from that machine (e.g. telnet, ftp, sendmail, ping, 
> traceroute).
> 
> I'm finding that I can't bring up both NICs at the same time, though I'm
> configuring them for different networks and netmasks.  (One network is a 
> /24 net allocated to me by InterNIC, the other is a /28 net allocated to
> me by my ISP.)
> 
> The specific problem is that neither interface seems to come up while both
> cards are installed, but both cards work fine if installed alone.
> 
> Has anyone tried such a configuration, and successfully used it as a router?
> Any experiences, good and bad, would be appreciated.
> 

When you say that you can't bring up both NICs at the same time, do you
mean they aren't showing up at boot, or that after boot, you can't ifconfig
them with the appropriate address? Are you setting up ipnat to forward the
packets between them?

I'll give you a little information about my setup, in case it is helpful to
you. This message was sent from my IIci, with two NICs. It acts as
firewall/gateway between my home mini-network and my cable modem. I also
have fetchmail set up to download all of my mail (from several accounts)
and drop it into my local mailbox.

My NICs are an Asante and a Techworks. Both use the Asante chip. They
show up at boot as ae0 and ae1. The relevant information from startup is
here:

ae0 at nubus0 slot c: MacCon NuBus-A , 32KB memory
ae0: Ethernet address 00:00:94:60:2b:08
ae1 at nubus0 slot e: NuBus EtherNet-A, 32KB memory
ae1: Ethernet address 00:80:35:09:00:28

The only other major difference between my setup and yours is that
I am using NetBSD 1.3.3.

I found the configuration relatively painless. I first configured the
outbound interface, with its single IP address. Once I had that configured
and working properly, I configured the inbound interface, using numbers
from those assigned for private networks, and set up ipnat to forward
between them.

The document that I used as a reference was at:
http://radon.moof.ai.mit.edu/~armenb/ipnat.html 

There is also a bunch of information on the ipfilter home page at:
http://coombs.anu.edu.au/ipfilter/

Don't hesitate to ask again if you want more information or examples of my
config files.

-- 
Chris Brown -- Macintosh networking/Web development
<chrsbrwn@mindspring.com> <http://www.mindspring.com/~chrsbrwn>
This message was sent from a IIci running NetBSD-Mac68k