Date: Wed, 21 Nov 2001 17:45:27 +0100
From: "Dennis" <trm@daydreamer.dk>
To: <freebsd-net@FreeBSD.org>
Subject: Routing problems
Message-ID: <046101c172ab$ecb280e0$0301a8c0@denniswork>

Hi!

First of all, I have read all the postings from 2001 that might regard my problem but didn't find anything at all :(

I'm having some big problems with routing on my FreeBSD 4.4 box (or at least I think it's the routing..)

The setup is like this: The firm has 2 different types of nets (the old HP VGANY LAN and plain fast ethernet) and each net has its own /24. On fast ethernet the IP is 192.168.1.0/24 and this net works just fine every time. But the other net is way more strange, it has the IP area 192.168.10.0/24 and this only works if I flush my firewall rules :(

The FreeBSD box has 2 NICs, one for the internal nets and one for their ADSL connection; the internal NIC has IP 192.168.1.1. And in the rc.conf I have a route add statement and a nic_alias cmd in order for both nets to access the internet.

But what have I missed in the firewall script file, because the second net does NOT have access to the internet until I flush my rules :(

Any good ideas?

Regards
Dennis

rc.conf:

ifconfig_ep0="inet 192.168.1.1 netmask 255.255.255.0"
ifconfig_ep1="inet 192.168.2.10 netmask 255.255.255.0"
hostname="jr-data.dk"
linux_enable="NO"
gateway_enable="YES"
defaultrouter="192.168.2.88"
router_flags="-q"
router="routed"
router_enable="YES"
firewall_enable="YES"
firewall_script="/etc/firewall"
sendmail_enable="NO"
inetd_enable="NO"
route add 192.168.10.0 192.168.1.100
saver="blank"
font8x8="cp850-8x8"
font8x14="cp850-8x14"
font8x16="cp850-8x16"
scrnmap="NO"
keyrate="fast"
keymap="danish.cp865"

/etc/firewall

/sbin/natd -interface ep1
fwcmd="/sbin/ipfw"
inet="192.168.1.0"
inet1="192.168.10.0"
imask="255.255.255.0"
iip="192.168.1.1"

# From this computer and on to the net
$fwcmd add 100 pass all from ${iip} to ${inet}:${imask}
$fwcmd add 110 pass all from ${inet}:${imask} to ${iip}
$fwcmd add 120 pass all from ${oip} to ${onet}:${omask}
$fwcmd add 130 pass all from ${onet}:${omask} to ${oip}
$fwcmd add 140 pass all from ${iip} to ${inet1}:${imask}
$fwcmd add 170 pass all from ${inet1}:${imask} to ${iip}

# If a connection exists, it may be used
$fwcmd add 200 skipto 1000 tcp from any to any established

# Allow connections on the specified ports
$fwcmd add 300 skipto 1000 tcp from ${inet}:${imask} to any 23 setup
$fwcmd add 310 skipto 1000 tcp from ${inet}:${imask} to any 53 setup
$fwcmd add 320 skipto 1000 tcp from ${inet}:${imask} to any 80 setup
$fwcmd add 330 skipto 1000 tcp from ${inet}:${imask} to any 25 setup
$fwcmd add 340 skipto 1000 tcp from ${inet}:${imask} to any 110 setup
$fwcmd add 342 skipto 1000 tcp from any 20 to any 30000-63000 setup
$fwcmd add 344 skipto 1000 tcp from any 20 to any 1024-4096 setup
$fwcmd add 350 skipto 1000 tcp from ${inet}:${imask} to any 20 setup
$fwcmd add 360 skipto 1000 tcp from ${inet}:${imask} to any 21 setup
$fwcmd add 370 skipto 1000 tcp from ${inet}:${imask} to any 119 setup
$fwcmd add 380 skipto 1000 tcp from ${inet}:${imask} to any 443 setup
$fwcmd add 392 skipto 1000 tcp from ${inet}:${imask} to any 1433 setup
$fwcmd add 390 skipto 1000 tcp from any to any 3389 setup
$fwcmd add 301 skipto 1000 tcp from ${inet1}:${imask} to any 23 setup
$fwcmd add 311 skipto 1000 tcp from ${inet1}:${imask} to any 53 setup
$fwcmd add 321 skipto 1000 tcp from ${inet1}:${imask} to any 80 setup
$fwcmd add 331 skipto 1000 tcp from ${inet1}:${imask} to any 25 setup
$fwcmd add 341 skipto 1000 tcp from ${inet1}:${imask} to any 110 setup
$fwcmd add 351 skipto 1000 tcp from ${inet1}:${imask} to any 20 setup
$fwcmd add 361 skipto 1000 tcp from ${inet1}:${imask} to any 21 setup
$fwcmd add 371 skipto 1000 tcp from ${inet1}:${imask} to any 119 setup
$fwcmd add 381 skipto 1000 tcp from ${inet1}:${imask} to any 443 setup
$fwcmd add 394 skipto 1000 tcp from ${inet1}:${imask} to any 1433 setup

# UDP traffic
$fwcmd add 400 skipto 1000 udp from any 53 to any
$fwcmd add 410 skipto 1000 udp from any to any 53
$fwcmd add 485 skipto 1000 udp from any to any 119
$fwcmd add 486 skipto 1000 udp from any 119 to any
$fwcmd add 487 skipto 1000 udp from any to any 443
$fwcmd add 488 skipto 1000 udp from any 443 to any
$fwcmd add 490 skipto 1000 udp from any 3389 to any
$fwcmd add 495 skipto 1000 udp from any to any 3389
$fwcmd add 498 skipto 1000 udp from any 1433 to any
$fwcmd add 499 skipto 1000 udp from any to any 1433

# icmp
$fwcmd add 500 skipto 1000 icmp from any to any

# Terminal server
$fwcmd add 600 allow tcp from any to 192.168.1.5 setup
$fwcmd add 601 allow tcp from 192.168.1.5 to any setup

# Stop everything that has not been skipped to rule 1000
$fwcmd add 900 deny all from any to any

# NAT what was allowed by the earlier rules.
$fwcmd add 1000 divert natd all from any to any via ep1
$fwcmd add 1100 pass all from any to any