Re: ADSL Bridging/Firewall Issues.....

[Ng Pheng Siong <ngps () netmemetic com>]

On Tue, Dec 18, 2001 at 01:23:42AM +0800, Ng Pheng Siong wrote:
> On Mon, Dec 17, 2001 at 04:38:53AM -0800, Andrew Fremantle wrote:
> > So? Any suggestions? Currently i've got an additional FreeBSD box up on the
> > network, acting as a Bridge between my switch and the modem. It has two
> > interfaces, neither of which is configured for IP, and isn't filtering
> > (yet). 
>
> I understand your posting to mean you have public addresses. You don't need
> NAT, then. 

Reading your reply and then your post again, I realise I've misunderstood
earlier.

Try these:

1. Run ipfw on your FreeBSD bridge for the packet filtering.

2. To "fix" the proxy ARP problem, configure a *secondary* address on each
of your local machines from an RFC1918 block, say, 10.1.1.0/24. 

When your machines want to talk to each other, use the 10.1.1.0 addresses.
This means you'll have to run a local nameserver (or maintain /etc/hosts
and their Windows equivalents on each machine) to map your local host names
to the 10.1.1.0 block. 

When your machines want to talk to the outside, they'd use their
DHCP-assigned public addresses to send the packets to your router.

This ought to do it. To think about it more, set your machines up as
described, run netstat -nr, and consider the output. ;-)

(I've done a similar (but not identical) thing before.)

Cheers.

-- 
Ng Pheng Siong <ngps () netmemetic com> * http://www.netmemetic.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards