Subject: Re: FIREWALLING...
To: Steffen Liebstueckel <Steffen.Liebstueckel@hadiko.de>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 05/09/2000 23:14:57
On Mon, May 08, 2000 at 08:51:11PM +0200, Steffen Liebstueckel wrote:
> Hi Folks !
> I've a DEC 5000/125 with a second network adapter in and NetBSD 1.4.2 on
> it.
> So far I've configured both adapters with ifconfig but haven't set up
> any routing yet.
> I thought that this is done with the ipfilter rules in ipf.conf so far.
> I want to use this DEC as an IPFilter firewall but don't have experience
> in doing that.
> In all books or in the Firewall HOWTO there's nothing mentioned what to
> do in addition to the ipfilter rules to get the
> Firewall running...   :-(((((
> 
> 1) Have I to set up any routing or ipforwarding or proxy-arp ?

Just enable IP forwarding, and set up a default route on your DEC.
At this point the DEC will forward anything; now you have to set up IPF
rules to block packets you don't want to come in or out.

> 2) Where and how do I set up the routing ?

/etc/rc.conf to enable IP forwarding and ipf, /etc/mygate to specify the
default router, /etc/ipf.conf for the filtering rules.
> 
> I've the following net structure:
> 
> Internet <-> [ le0: / ip: xxx.xx.47.xxx / netmask: 255.255.224.0
>                <IP filter of DEC 5000>
>                le1: / ip: xxx.xx.52.xxx / netmask: 255.255.224.0 ]
>          <-> [ eth0: of PC with Linux / ip: xxx.xx.42.xxx / netmask: 255.255.224.0 ]

I don't really understand your setup. le0 is the outside interface and le1
the inside. So your Linux PC should be on the same network as le1 (OK) but
le0 should be on a different network.

--
Manuel Bouyer <bouyer@antioche.eu.org>
--
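
The addressing point raised in the reply above, as an added example that is not part of the original message: with netmask 255.255.224.0, third octets 47, 52 and 42 all fall in the same /19 block, so the outside and inside interfaces share one network. The post masks its addresses, so the `10.20.` prefix, the host octets and the function names below are constructed assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed sample: only the third octets and the netmask come from the
# post; the 10.20. prefix and the host octets are stand-ins for "xxx".
INTERFACES = {
    "le0 (outside)": "10.20.47.1/255.255.224.0",
    "le1 (inside)": "10.20.52.1/255.255.224.0",
    "linux eth0": "10.20.42.1/255.255.224.0",
}


def network_of(addr_with_mask):
    """Network an address belongs to, given 'address/netmask'."""
    return ipaddress.ip_interface(addr_with_mask).network


def shared_networks(interfaces):
    """List (name_a, name_b, network) for every pair whose networks overlap."""
    clashes = []
    for (a, addr_a), (b, addr_b) in combinations(interfaces.items(), 2):
        net_a, net_b = network_of(addr_a), network_of(addr_b)
        if net_a.overlaps(net_b):
            # Report the wider of the two networks as the shared one.
            wider = min(net_a, net_b, key=lambda n: n.prefixlen)
            clashes.append((a, b, str(wider)))
    return clashes


def can_route_between(outside, inside):
    """A filtering router needs its two sides on different networks."""
    return not network_of(outside).overlaps(network_of(inside))


if __name__ == "__main__":
    for a, b, net in shared_networks(INTERFACES):
        print(f"{a} and {b} are both in {net}")
    ok = can_route_between(INTERFACES["le0 (outside)"], INTERFACES["le1 (inside)"])
    print("le0/le1 on separate networks:", ok)
```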