new subscriber Newly migrated from Linux, netstat /

Nik Clayton nik at freebsd.org
Fri Jul 21 23:38:12 BST 2000


On Thu, Jul 20, 2000 at 03:51:10PM +0100, Paul.Newman at pgen.com wrote:
> How to configure the network such that all ftp packets for addresses 
> outside my firewall automatically go through the firewall? 

That sounds like a simple routing issue.  It's probably worth your while
investing in one of the O'Reilly networking books.

Suppose all the machines behind the firewall have addresses in the 10/24
range (i.e., 10.0.0.1 thru to 10.0.0.254).  The firewall machine is the
.1 address.  In addition, the firewall machine has two network interfaces,
and knows how to get stuff to the outside world.

All you have to do is make sure the default route on all the other
machines is set to 10.0.0.1 (the address of the firewall).

In this particular instance, the firewall machine is also functioning as
a 'gateway'.

To do this on FreeBSD you don't need to mess with routed.  In fact, most
of the time you never need to mess with routed, as most people's routing
requirements are simple enough that they can set the routing up once and
then forget about it.

On a FreeBSD machine you set the IP address of the default route by doing

    route add default 10.0.0.1

The simplest way to have this done for you is to put the line

    defaultrouter="10.0.0.1"

in /etc/rc.conf.

> The firewall requires a username and password.

That gets more tricky.  It sounds like what you have is a firewall proxy.
I'm guessing you have to ftp to your firewall machine first, and then
log in as something like

     username: ftp at ftp.freebsd.org
     password: anonymous

right (assuming you were trying to get to ftp.freebsd.org)?  And then it
connects you directly to ftp.freebsd.org?

If that is the case then you're going to have problems running programs
like CVSup through.  This is going to be somewhat dependent on your 
network setup, and related configuration.

<plug>You might want to get in touch with FreeBSD Services ltd, who provide
commercial support for FreeBSD in the UK.  One of their engineers could 
come on site to see you for a half day or day to suggest (and implement)
solutions for things like this, and talk through any other questions you
might have.  If so, drop me a line, nik at freebsd-services.co.uk :-) </plug>

N
-- 
Internet connection, $19.95 a month.  Computer, $799.95.  Modem, $149.95.
Telephone line, $24.95 a month.  Software, free.  USENET transmission,
hundreds if not thousands of dollars.  Thinking before posting, priceless.
Somethings in life you can't buy.  For everything else, there's MasterCard.
  -- Graham Reed, in the Scary Devil Monastery
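
A check for the setup described in the message above, as an added example that is not part of the original post: it confirms that a client's live default route and its /etc/rc.conf setting both point at the firewall. The function names and the sample data are constructed for illustration; 10.0.0.1 is the firewall address used in the message.

```shell
#!/bin/sh
# Print defaultrouter from an rc.conf-style file (last assignment wins,
# because rc.conf is sourced as shell).
rc_defaultrouter() {
    awk -F= '/^[ \t]*defaultrouter=/ {
        v = $2; gsub(/#.*/, "", v); gsub(/[" \t]/, "", v); last = v
    } END { print last }' "$1"
}

# Read `netstat -rn` output on stdin and print the IPv4 default gateway.
netstat_default_gw() {
    awk '$1 == "default" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $2; exit }'
}

# check_egress EXPECTED_GW RC_CONF ROUTES_FILE
# 0 = live and boot-time routes match, 1 = live route wrong, 2 = rc.conf wrong
check_egress() {
    live=$(netstat_default_gw < "$3")
    boot=$(rc_defaultrouter "$2")
    if [ "$live" != "$1" ]; then
        echo "live default route is '${live:-none}', expected $1"
        return 1
    fi
    if [ "$boot" != "$1" ]; then
        echo "rc.conf defaultrouter is '${boot:-unset}', expected $1 (lost on reboot)"
        return 2
    fi
    echo "default route via $1, persistent in rc.conf"
}

# Constructed sample data standing in for /etc/rc.conf and `netstat -rn`.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
hostname="client1"
defaultrouter="10.0.0.1"
EOF
cat > "$demo_dir/routes" <<'EOF'
Destination        Gateway            Flags    Netif
default            10.0.0.1           UGSc     fxp0
10/24              link#1             UC       fxp0
EOF
check_egress 10.0.0.1 "$demo_dir/rc.conf" "$demo_dir/routes"
rm -rf "$demo_dir"
```

On a real host, save the output of `netstat -rn` to a file and pass /etc/rc.conf as the second argument.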



