Nik Clayton nik at
Fri Jul 21 23:38:12 BST 2000

On Thu, Jul 20, 2000 at 03:51:10PM +0100, Paul.Newman at wrote:
> How to configure the network such that all ftp packets for addresses 
> outside my firewall automatically go through the firewall? 

That sounds like a simple routing issue.  It's probably worth your while
investing in one of the O'Reilly networking books.

Suppose all the machines behind the firewall have address in the 10/24
range (i.e., thru to  The firewall machine is the
.1 address.  In addition, the firewall machine has two network interfaces,
and knows how to get stuff to the outside world.

All you have to do is make sure the the default route on all the other
machines is set to (the address of the firewall).

In this particular instance, the firewall machine is also functioning as
a 'gateway'.

To do this on FreeBSD you don't need to mess with routed.  In fact, most
of the time you never need to mess with routed, as most people's routing
requirements are simple enough that they can set the routing up once and
then forget about it.

On a FreeBSD machine you set the IP address of the default route by doing

    route add default

The simplest way to have this done for you is to put the line


in /etc/rc.conf.

> The firewall requires a username and password.

That gets more tricky.  It sounds like what you have is a firewall proxy.
I'm guessing you have to ftp to your firewall machine first, and then
log in as something like

     username: ftp at
     password: anonymous

right (assuming you were trying to get to  And then it
connects you directly to

If that is the case then you're going to have problems running programs
like CVSup through.  This is going to be somewhat dependent on your 
network setup, and related configuration.

