Date: Tue, 27 Jun 2000 21:04:56 -0700
From: "Crist J. Clark" <cjc@earthlink.net>
To: Rossen Raykov <rraykov@sage-consult.com>
Cc: FreeBSD-questions@FreeBSD.ORG
Subject: Re: rouing problem
Message-ID: <20000627210456.H424@dialin-client.earthlink.net>
Reply-To: cjclark@alum.mit.edu
References: <01a701bfe08c$a8d8d890$4c00000a@sage>
In-Reply-To: <01a701bfe08c$a8d8d890$4c00000a@sage>; from rraykov@sage-consult.com on Tue, Jun 27, 2000 at 07:08:52PM -0400

On Tue, Jun 27, 2000 at 07:08:52PM -0400, Rossen Raykov wrote:
> Hi all!
>
> I am trying to use FreeBSD as a gateway/firewall.
> My network topology is like this one:
>
>
>              ISP 1                     ISP 2
>
>                ^                         ^
>                |                         |
>                |                         |
>            +-------+                 +--------+
>            |  DSL  |                 |  ISDN  |
>            +-------+                 +--------+
>            IP 1.0.0.1                IP 2.0.0.1
>
>                  \                     /
>                   \                   /
>
>           IP 1.0.0.252              IP 2.0.0.2
>           MASK 255.255.255.0        MASK 255.255.255.252
>        -----------------------------------------
>                      FreeBSD Box
>        -----------------------------------------
>                      IP 2.0.0.252
>                      MASK 255.255.255.0
>                           |
>                           |
>        -----------------------------------------
>          L A N                      HOST
>          NET 2.0.0.0                2.0.0.129
>
> I am running FreeBSD 4.0 and the kernel is compiled with the following
> options: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, BRIDGE.

Yikes.
> In /etc/rc.conf the following options are defined:
> firewall_enable="YES"
> firewall_type="open"
> gateway_enable="YES"
> router_enable="YES"
> kern_securitylevel_enabled="NO"
>
> As one can expect, after that the firewall rules are:
> allow ip from any to any via lo0
> deny ip from any to 127.0.0.0/8
> allow ip from any to any
> deny ip from any to any
>
> Routing-related sysctl flags are:
> net.inet.ip.forwarding=1
> net.inet.ip.redirect=1
> net.inet.ip.fw.enable=1
> net.inet.ip.fw.one_pass=1

Missing,

net.link.ether.bridge
net.link.ether.bridge_ipfw

> I am able to ping all neighbors' interfaces from the BSD box (1.0.0.1, 2.0.0.1
> and 2.0.0.129).
>
> My first problem was that I was not able to ping the 1.0.0.252 and 2.0.0.2
> interfaces on the server from the LAN host (2.0.0.129).
> After I enabled the BRIDGE option in the kernel, that became possible.
>
> Then a new problem appeared - I cannot ping 1.0.0.1 and 2.0.0.1 from the LAN
> host (2.0.0.129).
>
> All IP addresses that I am using are real (routable) IP addresses.
>
> Where is my mistake?
> Why am I not able to pass through the BSD box?
> Are my network masks wrong, or am I missing something on the kernel/OS
> configuration level?

I believe that the problem is that you are trying to mix routing and
bridging. You should decide whether the FreeBSD box is going to do one
or the other.

> I have one more question too.
> How do I set up the box to work with 2 or more gateways and to do dynamic
> routing?
> Can someone give me a URL devoted to this?
> Recommendations for gated settings will be appreciated too.

OK, it sounds like you want to do routing, then lose the bridging.
Actually break up that 2.0.0.0/24 into subnets.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
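The following is an added illustration of the addressing problem behind Crist's "break up that 2.0.0.0/24 into subnets" advice; it is not code from either poster. Using only the addresses and masks in the quoted diagram, it shows that the ISDN link network 2.0.0.0/30 sits inside the LAN network 2.0.0.0/24, so the FreeBSD box has two connected routes covering 2.0.0.1, and a LAN host with a /24 mask believes 2.0.0.1 is on its own segment and will ARP for it instead of sending the packet to the gateway. The renumbered plan at the end (LAN as 2.0.0.128/25) is a constructed example of a non-overlapping split, not something the thread prescribes.

```python
from ipaddress import ip_address, ip_interface

# Interface addresses exactly as drawn in the quoted topology.
AS_POSTED = {
    "dsl":  ip_interface("1.0.0.252/255.255.255.0"),
    "isdn": ip_interface("2.0.0.2/255.255.255.252"),
    "lan":  ip_interface("2.0.0.252/255.255.255.0"),
}

# Constructed renumbering for comparison (hypothetical, not from the thread):
# keep the ISDN /30 and shrink the LAN to 2.0.0.128/25, which still
# contains both 2.0.0.252 and the LAN host 2.0.0.129.
RENUMBERED = {
    "dsl":  ip_interface("1.0.0.252/24"),
    "isdn": ip_interface("2.0.0.2/30"),
    "lan":  ip_interface("2.0.0.252/25"),
}


def overlapping_networks(interfaces):
    """Return (name_a, name_b) pairs whose connected networks overlap.

    Overlapping connected networks mean the router has ambiguous
    directly-connected routes for part of the address space."""
    names = list(interfaces)
    found = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if interfaces[a].network.overlaps(interfaces[b].network):
                found.append((a, b))
    return found


def connected_route(interfaces, destination):
    """Longest-prefix match over connected (interface) routes only.

    Returns the interface name the router would use for `destination`,
    or None if no connected network covers it."""
    dest = ip_address(destination)
    best = None
    for name, iface in interfaces.items():
        net = iface.network
        if dest in net and (best is None or net.prefixlen > best[1].prefixlen):
            best = (name, net)
    return best[0] if best else None


def host_thinks_on_link(host_iface, destination):
    """True if a host with this address/mask would ARP directly for
    `destination` instead of handing the packet to its default gateway."""
    return ip_address(destination) in ip_interface(host_iface).network


if __name__ == "__main__":
    print("overlaps as posted:", overlapping_networks(AS_POSTED))
    print("router sends 2.0.0.1 via:", connected_route(AS_POSTED, "2.0.0.1"))
    print("LAN host /24 thinks 2.0.0.1 is local:",
          host_thinks_on_link("2.0.0.129/24", "2.0.0.1"))
    print("overlaps after renumbering:", overlapping_networks(RENUMBERED))
    print("LAN host /25 thinks 2.0.0.1 is local:",
          host_thinks_on_link("2.0.0.129/25", "2.0.0.1"))
```

With the posted masks the script reports the isdn/lan overlap and that the LAN host treats 2.0.0.1 as on-link; with the /25 split there is no overlap and the host correctly forwards to the gateway. Removing BRIDGE and running only with net.inet.ip.forwarding=1 then works because each destination has exactly one connected route.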