gateway can't see thru to "local" side

I have a new FreeBSD 7 web server that connects just fine from the INTERNET side. I'd like to keep that connectivity and then have "authorized" users able to access and be served documents from the INTRANET side. My firewall works so well that when I connect from the INTERNET side, I can't "reach through" to the INTRANET side. I'm new to this part of FreeBSD and could use some help. I installed it after much reading but still don't know if I am able to do this.

My config looks like this...

                        FreeBSD system
Internet <---1---> card re0 | card em0 <---2---> INTRANET

#1 connects from the INTERNET, but does not see #2 from a hard-coded link :(

#2 connects and sees both #1 and #2.

Thanks in advance for any assistance.

Does each server have only 1 NIC (as it seems from your diagram)? If so, at least server 1 requires 2 NICs in order to provide internet access to intranet users.
The first NIC connects the server to the internet and the second NIC connects it to the intranet.

One server, 2 NICs. One NIC has the outside address (173.8.xxx.xxx); the web site works. Users will be validated before being allowed into the inside.

The other NIC has the inside address (10.10.10.xx). Not complicated, I just haven't been able to make it work.

If I understand what you're trying to do, you have the internet on your outside NIC at 173.8.xxx, and when it receives traffic destined for 10.10.xx it doesn't pass? If that's the case, it shouldn't. You will need to set up natd to monitor incoming connections and have a static NAT set up in order for outside public IP traffic to route to the internal NIC. If you monitor the traffic on the 10.10.xx NIC with tcpdump, I'm pretty sure you'll see the traffic coming in and out; however, anything not local on the outside NIC will get /dev/null'd at your outbound router, since 10.10.10 can't route outside of your network.

If I'm completely wrong here, and your firewall is active on that system and running ipfw, add an ipfw add ### allow ip from 173.8.xxx.xx/xx to 10.10.10.xx/xx and a return rule of ipfw add ### allow ip from 10.10.10.xx/xx to 173.8.xxx.xx/xx to correct it.
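To make the natd / static NAT suggestion above concrete, here is an added example of the three pieces that have to line up on the FreeBSD 7 gateway (rc.conf, natd.conf and a custom ipfw rules file). It is not configuration posted by anyone in this thread. Assumptions, all hypothetical: re0 is the public card, em0 carries 10.10.10.1/24, the intranet document server is 10.10.10.20:80, and it is exposed on public port 8080 so that the gateway's own web site on port 80 keeps working. The kernel must have options IPFIREWALL and IPDIVERT for the divert rule to work.

```conf
# /etc/rc.conf (additions)
# gateway_enable turns on net.inet.ip.forwarding so packets may cross re0 <-> em0.
ifconfig_re0="DHCP"                        # or the static 173.8.x.x address
ifconfig_em0="inet 10.10.10.1 netmask 255.255.255.0"   # assumed intranet address
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"            # custom ruleset below
natd_enable="YES"
natd_interface="re0"                       # NAT happens on the public card
natd_flags="-f /etc/natd.conf"

# /etc/natd.conf
# Static port forward: connections arriving on the public IP, port 8080,
# are rewritten to 10.10.10.20:80 (the intranet server) before ipfw sees
# them again.  Outbound intranet traffic is masqueraded behind re0's IP.
use_sockets   yes
same_ports    yes
unregistered_only yes
redirect_port tcp 10.10.10.20:80 8080

# /etc/ipfw.rules  (one ipfw command per line, "ipfw" itself omitted;
# rc.firewall flushes the old set and feeds this file to ipfw)
add 100 allow ip from any to any via lo0
add 200 deny  ip from any to 127.0.0.0/8
add 210 deny  ip from 127.0.0.0/8 to any
# anti-spoofing: private source addresses must never arrive on the public card
add 300 deny  ip from 10.0.0.0/8     to any in via re0
add 310 deny  ip from 172.16.0.0/12  to any in via re0
add 320 deny  ip from 192.168.0.0/16 to any in via re0
# hand everything crossing re0 to natd; inbound packets come back with the
# intranet destination already substituted, outbound with the public source
add 400 divert natd ip from any to any via re0
# replies to connections that are already open
add 500 allow tcp from any to any established
# the gateway's own public web site
add 600 allow tcp from any to me 80 in via re0 setup
# the forwarded service: after rule 400 the destination is the intranet host
add 700 allow tcp from any to 10.10.10.20 80 in via re0 setup
# intranet users may reach the gateway and the outside; forwarded traffic
# is seen a second time on its way out of the other card
add 800 allow ip from 10.10.10.0/24 to any in via em0
add 810 allow ip from any to any out via re0
add 820 allow ip from any to 10.10.10.0/24 out via em0
# the gateway's own outbound traffic and DNS answers to it
add 900 allow ip  from me to any out
add 910 allow udp from any 53 to me in
add 65000 deny log ip from any to any
```

After `/etc/rc.d/ipfw restart` and `/etc/rc.d/natd restart`, `ipfw -a list` shows the packet counters per rule and `tcpdump -ni em0 tcp port 80` should show the translated connections reaching 10.10.10.20 while a client on the Internet connects to port 8080 of the public address. Note what this does and does not give you: every host on the Internet can now reach the intranet server through 8080, so the "authorized users" requirement from the first post still has to be enforced by the intranet web server's own authentication or by narrowing the source of rule 700 to known client addresses; the firewall only decides who may talk to the port, not who may read the documents.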