From owner-freebsd-questions Tue Jun 27 16:09:15 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from mail1.sageian.com (host254.sage-consult.com [208.201.118.254]) by hub.freebsd.org (Postfix) with ESMTP id 5BAB337BEE8 for ; Tue, 27 Jun 2000 16:08:53 -0700 (PDT) (envelope-from rraykov@sage-consult.com)
Received: from pricli012 (pricli012.sage [10.0.0.76]) by mail1.sageian.com (8.10.2/8.10.1) with SMTP id e5RN8qq01825 for ; Tue, 27 Jun 2000 19:08:52 -0400
Message-ID: <01a701bfe08c$a8d8d890$4c00000a@sage>
Reply-To: "Rossen Raykov"
From: "Rossen Raykov"
To:
Subject: routing problem
Date: Tue, 27 Jun 2000 19:08:52 -0400
Organization: SageConsult, Princeton
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6600
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi all!

I am trying to use FreeBSD as a gateway/firewall. My network topology is like this one:

           ISP 1                     ISP 2
             ^                         ^
             |                         |
             |                         |
         +-------+                +--------+
         |  DSL  |                |  ISDN  |
         +-------+                +--------+
         IP 1.0.0.1               IP 2.0.0.1
              \                      /
               \                    /
         IP 1.0.0.252            IP 2.0.0.2
         MASK 255.255.255.0      MASK 255.255.255.252
        -----------------------------------------
                      FreeBSD Box
        -----------------------------------------
                     IP 2.0.0.252
                     MASK 255.255.255.0
                          |
                          |
        -----------------------------------------
                       L A N
         HOST                        NET 2.0.0.0
         2.0.0.129

I am running FreeBSD 4.0 and the kernel is compiled with the following options: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, BRIDGE.

In /etc/rc.conf the following options are defined:

    firewall_enable="YES"
    firewall_type="open"
    gateway_enable="YES"
    router_enable="YES"
    kern_securitylevel_enabled="NO"

As one can expect, after that the firewall rules are:

    allow ip from any to any via lo0
    deny ip from any to 127.0.0.0/8
    allow ip from any to any
    deny ip from any to any

Routing-related sysctl flags are:

    net.inet.ip.forwarding=1
    net.inet.ip.redirect=1
    net.inet.ip.fw.enable=1
    net.inet.ip.fw.one_pass=1

I am able to ping all neighbors' interfaces from the BSD box (1.0.0.1, 2.0.0.1 and 2.0.0.129).

My first problem was that I was not able to ping the 1.0.0.252 and 2.0.0.2 interfaces on the server from the LAN host (2.0.0.129). After I enabled the BRIDGE option in the kernel, that became possible. Then a new problem appeared: I cannot ping 1.0.0.1 and 2.0.0.1 from the LAN host (2.0.0.129). All IP addresses that I am using are real (routable) IP addresses.

Where is my mistake? Why am I not able to pass through the BSD box? Are my network masks wrong, or am I missing something at the kernel/OS configuration level?

I have one more question too. How do I set up the box to work with 2 or more gateways and to do dynamic routing? Can someone give me a URL devoted to this? Recommendations for gated settings will be appreciated too.

Thanks in advance,
Rossen

PS sorry for my English, it is not my native language ;)

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
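An added example (not from the post) that takes the three interface addresses and masks from the diagram above, checks whether any of the directly connected networks overlap, and shows which interface longest-prefix matching selects for each of the pinged addresses; it assumes the LAN host 2.0.0.129 carries the same 255.255.255.0 mask as the box's LAN interface.

```python
"""Prefix-overlap and egress check for the topology in the post above.

Added example, not the poster's configuration. The interface table is
transcribed from the diagram; the LAN host mask is an assumption.
"""
from ipaddress import IPv4Address, IPv4Interface

# Interfaces of the FreeBSD box as drawn in the post (constructed table).
BOX_INTERFACES = {
    "dsl":  IPv4Interface("1.0.0.252/255.255.255.0"),
    "isdn": IPv4Interface("2.0.0.2/255.255.255.252"),
    "lan":  IPv4Interface("2.0.0.252/255.255.255.0"),
}


def overlapping_prefixes(ifaces):
    """Return (a, b) name pairs whose connected networks overlap.

    Two connected networks that overlap are the first thing to look for
    when hosts on one of them cannot reach addresses on the other.
    """
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]


def egress_interface(ifaces, dst):
    """Longest-prefix match over the connected networks only.

    Returns the interface name the box would use for dst, or None when
    no connected network contains it (a default route would be needed).
    """
    dst = IPv4Address(dst)
    best = None
    for name, iface in ifaces.items():
        if dst in iface.network and (
                best is None
                or iface.network.prefixlen > ifaces[best].network.prefixlen):
            best = name
    return best


def host_sees_on_link(host_iface, dst):
    """True when a host with this address/mask treats dst as directly
    reachable, i.e. it will ARP for dst instead of using its gateway."""
    return IPv4Address(dst) in IPv4Interface(host_iface).network


if __name__ == "__main__":
    print("overlapping connected networks:", overlapping_prefixes(BOX_INTERFACES))
    for dst in ("1.0.0.1", "2.0.0.1", "2.0.0.129"):
        print(dst, "-> box egress:", egress_interface(BOX_INTERFACES, dst),
              "| on-link for 2.0.0.129/24:", host_sees_on_link("2.0.0.129/24", dst))
```

With the masks from the diagram, the ISDN /30 (2.0.0.0/30) lies inside the LAN /24, so the script reports that pair as overlapping and shows that a host configured as 2.0.0.129/24 regards 2.0.0.1 as on-link.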