From owner-freebsd-isp  Wed Jun 28  6:57:26 2000
Message-ID: <006601bfe108$b68dd680$0200a8c0@ait.co.za>
Reply-To: "Peter Salvage" <wizard@sybaweb.co.za>
From: "Peter Salvage" <wizard@sybaweb.co.za>
To: "freebsd-isp@freebsd.org" <freebsd-isp@FreeBSD.ORG>
References: <Pine.BSF.4.05.10006281521240.27618-100000@arnold.neland.dk>
Subject: Re: IPFW
Date: Wed, 28 Jun 2000 15:56:51 +0200
Organization: SybaWeb Internet & Networking

Hi Leif

> >                  net
> > (a)              |
> >                router
> > (b)              | (1st nic)
> >             FreeBSD
> > (c)              | (2nd nic)
> >          mail server--proxy server
> > (d)                                   | (2nd nic)
> >                            internal network
> >
> > (a) subnet 192.168.0.0/30
> > (b) subnet 192.168.0.4/30
> > (c) subnet 192.168.0.8/29
> > (d) subnet 192.168.0.16/29
> >
> > I'm unable to telnet to the router from the internal network, even
> > though I've set an access list on the router allowing vty 0-4 access
> > only from subnet (b). Therefore I'm assuming I've left something out
> > of my rules list on the FreeBSD box.
> >
> A: Is routing ok, i.e. can you ping from d to the router? I guess
> so...

yeah I can...sorry I never mentioned that

> B: If your access list on the router says only subnet (b) can access
> it, then that's why subnet (d) cannot access it. You didn't mention
> that you were using NAT on the FreeBSD box, so if you telnet from (d),
> that's the address the router will see.

I'm not running NAT on the FreeBSD box, but I am on the Linux box. I
added the IP addy of the Linux box external nic to the access list as
well as the 2nd nic /30 from the FreeBSD box (c) and it made no
difference.

sigh...can't be a router conf issue...I'm obviously looking right past
the damn error
<screaming in frustration>
:-)

/wiZZ


