Building the Firewall Rules
The most important responsibility of the gateway is to firewall our three separate network segments. We will again use the ipfw functionality that was introduced in Section 4.1.5.1. See that section for a basic introduction to the functioning of ipfw.
The configuration script for the gateway is significantly more complex than the one laid out for use on the clients. It must not only protect the gateway itself, but also ensure separation between the networks while allowing vital services on the gateway to be accessed by local users. This script is also much more aggressive in preventing abusive behavior, since it will be the front line against often hazardous Internet traffic.
We will examine the script section by section. To build the completed script, concatenate each of the example sections that follow into /etc/.firewall.conf.
The first line sets the fwcmd variable equal to the path and name of the firewall control program.
fwcmd="/sbin/ipfw"
These four variables correspond to your outside interface, network, netmask, and IP address, respectively. Change these to the correct values.
# set these to your outside interface network and netmask and ip
oif="dc0"
onet="192.0.2.0"
omask="255.255.255.0"
oip="192.0.2.230"
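A mistyped network, netmask, or address here produces rules that silently fail to match the traffic they were written for. The following sh check is an added example, not part of the book's script and not meant to be concatenated into it; it confirms that the three address values describe one consistent network. The helper names ip_to_int, mask_is_contiguous and check_segment are hypothetical, introduced only for this illustration.

```sh
#!/bin/sh
# Added example: sanity-check the outside-network variables shown above.
# Helper names are hypothetical; the values are the ones printed on the page.
onet="192.0.2.0"
omask="255.255.255.0"
oip="192.0.2.230"

# Print a dotted quad as a 32-bit integer; fail on malformed input.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros so the shell never reads an octet as octal.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# A valid netmask is a run of 1 bits followed only by 0 bits.
mask_is_contiguous() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( m ^ 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ]
}

# usage: check_segment NETWORK NETMASK ADDRESS
# Succeeds only if NETWORK is the base address for NETMASK and ADDRESS is inside it.
check_segment() {
    n=$(ip_to_int "$1") || { echo "bad network: $1" >&2; return 1; }
    mask_is_contiguous "$2" || { echo "bad netmask: $2" >&2; return 1; }
    m=$(ip_to_int "$2")
    a=$(ip_to_int "$3") || { echo "bad address: $3" >&2; return 1; }
    [ $(( n & m )) -eq "$n" ] || { echo "$1 has host bits set for mask $2" >&2; return 1; }
    [ $(( a & m )) -eq "$n" ] || { echo "$3 is not inside $1 / $2" >&2; return 1; }
}

check_segment "$onet" "$omask" "$oip" && echo "outside segment variables are consistent"
```

check_segment accepts any network, netmask and address triple, so the same call can be repeated for each of the gateway's segments once its variables are set.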
These variables do the same thing for the wireless network (variables starting with “w”) and for the internal wired network (variables starting with “i”). Change these if you are going to use different IP ranges on these networks.
# set these ...