important responsibility of the gateway is to firewall our three
separate network segments. We will again use the
ipfw functionality that was introduced in Section 188.8.131.52. See that section for a basic introduction to
the functioning of
The configuration script for the gateway is significantly more complex that the one laid out for use on the clients. It has to protect not only the gateway itself, but also ensure separation between the networks while allowing vital services on the gateway to be accessed by local users. This script is also much more aggressive in preventing abusive behavior since it will be the frontline against often hazardous Internet traffic.
We will examine the script section by section. To build the completed
script, concatenate each of the example sections that follow into
The first line sets the
fwcmd variable equal to
the path and name of the firewall control program.
These four variables correspond to your outside interface, network, netmask, and IP address, respectively. Change these to the correct values.
# set these to your outside interface network and netmask and ip oif="
These variables do the same thing for the wireless network (variables starting with “w”) and for the internal wired network (variables starting with “i”). Change these if you are going to use different IP ranges on these networks.
# set these ...