Date:      Wed, 28 Jun 2000 21:37:15 +0200 (CEST)
From:      Leif Neland <leifn@neland.dk>
To:        Peter Salvage <wizard@sybaweb.co.za>
Cc:        "freebsd-isp@freebsd.org" <freebsd-isp@FreeBSD.ORG>
Subject:   Re: IPFW
Message-ID:  <Pine.BSF.4.05.10006282133550.27618-100000@arnold.neland.dk>
In-Reply-To: <006601bfe108$b68dd680$0200a8c0@ait.co.za>



On Wed, 28 Jun 2000, Peter Salvage wrote:

> Hi Leif
> 
> > >                  net
> > > (a)              |
> > >                router
> > > (b)              | (1st nic)
> > >             FreeBSD
> > > (c)              | (2nd nic)
> > >          mail server--proxy server
> > > (d)                                   | (2nd nic)
> > >                            internal network
> > >
> > > (a) subnet 192.168.0.0/30
> > > (b) subnet 192.168.0.4/30
> > > (c) subnet 192.168.0.8/29
> > > (d) subnet 192.168.0.16/29
> > >
> > > I'm unable to telnet to the router from the internal network, even
> > > though I've set an access list on the router allowing vty 0-4 access
> > > only from subnet (b). Therefore I'm assuming I've left something out
> > > of my rules list on the FreeBSD box.
> > >
> > A: Is routing ok, i.e. can you ping? from d to the router? I guess
> > so...
> 
> yeah I can...sorry I never mentioned that
> 
> > B: If your access list on the router says only subnet (b) can access
> > it, then that's why subnet (d) can not access it. You didn't mention
> > that you were using NAT on the FreeBSD box, so if you telnet from (d),
> > that's the address the router will see.
> 
> I'm not running NAT on the FreeBSD box, but I am on the Linux box. I
> added the IP addy of the Linux box external nic to the access list as
> well as the 2nd nic /30 from the FreeBSD box (c) and it made no
> difference.

Ok. Divide and conquer! (sp?)

Can you telnet to the router from the proxyserver on net (c)?
Can you telnet to something outside the router, from either (c) or (d)?

Leif



