Date: Wed, 28 Jun 2000 21:37:15 +0200 (CEST)
From: Leif Neland
To: Peter Salvage
Cc: "freebsd-isp@freebsd.org"
Subject: Re: IPFW

On Wed, 28 Jun 2000, Peter Salvage wrote:

> Hi Leif
>
> > >        net
> > > (a)     |
> > >       router
> > > (b)     | (1st nic)
> > >       FreeBSD
> > > (c)     | (2nd nic)
> > > mail server--proxy server
> > > (d)     | (2nd nic)
> > > internal network
> > >
> > > (a) subnet 192.168.0.0/30
> > > (b) subnet 192.168.0.4/30
> > > (c) subnet 192.168.0.8/29
> > > (d) subnet 192.168.0.16/29
> > >
> > > I'm unable to telnet to the router from the internal network, even
> > > though I've set an access list on the router allowing vty 0-4 access
> > > only from subnet (b). Therefore I'm assuming I've left something out of
> > > my rules list on the FreeBSD box.
> > >
> > A: Is routing ok, i.e. can you ping? from d to the router? I guess so...
>
> yeah I can...sorry I never mentioned that
>
> > B: If your access list on the router says only subnet (b) can access it,
> > then that's why subnet (d) can not access it. You didn't mention that you
> > were using NAT on the FreeBSD box, so if you telnet from (d), that's the
> > address the router will see.
> >
> I'm not running NAT on the FreeBSD box, but I am on the Linux box. I
> added the ip addy of the linux box external nic to the access list as
> well as the 2nd nic /30 from the FreeBSD box (c) and it made no
> difference.

Ok. Divide and conquer! (sp?)

Can you telnet to the router from the proxyserver on net (c)?

Can you telnet to something outside the router, from either (c) or (d)?

Leif