Date:      Tue, 27 Jun 2000 21:04:56 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        Rossen Raykov <rraykov@sage-consult.com>
Cc:        FreeBSD-questions@FreeBSD.ORG
Subject:   Re: rouing problem
Message-ID:  <20000627210456.H424@dialin-client.earthlink.net>
In-Reply-To: <01a701bfe08c$a8d8d890$4c00000a@sage>; from rraykov@sage-consult.com on Tue, Jun 27, 2000 at 07:08:52PM -0400
References:  <01a701bfe08c$a8d8d890$4c00000a@sage>

On Tue, Jun 27, 2000 at 07:08:52PM -0400, Rossen Raykov wrote:
> Hi all!
> 
> I am trying to use FreeBSD as a gateway/firewall.
> My network topology is like this one:
> 
> 
>               ISP 1              ISP 2
> 
>                 ^                  ^
>                 |                  |
>                 |                  |
>             +-------+          +--------+
>             |  DSL  |          |  ISDN  |
>             +-------+          +--------+
>            IP 1.0.0.1          IP 2.0.0.1
> 
>                 \                  /
>                  \                /
> 
>         IP   1.0.0.252       IP 2.0.0.2
>       MASK 255.255.255.0   MASK 255.255.255.252
>       -----------------------------------------
>                     FreeBSD Box
>       -----------------------------------------
>                     IP 2.0.0.252
>                   MASK 255.255.255.0
>                          |
>                          |
>       -----------------------------------------
>        L A N                      HOST
>        NET 2.0.0.0             2.0.0.129
> 
> I am running FreeBSD 4.0 and the kernel is compiled with the following
> options: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, BRIDGE.

Yikes.

> In /etc/rc.conf following options are defined:
> firewall_enable="YES"
> firewall_type="open"
> gateway_enable="YES"
> router_enable="YES"
> kern_securitylevel_enabled="NO"
> 
> As one can expect after that the firewall rules are:
> allow ip from any to any via lo0
> deny ip from any to 127.0.0.0/8
> allow ip from any to any
> deny ip from any to any
> 
> Routing connected sysctl flags are:
> net.inet.ip.forwarding=1
> net.inet.ip.redirect=1
> net.inet.ip.fw.enable=1
> net.inet.ip.fw.one_pass=1

Missing,

  net.link.ether.bridge
  net.link.ether.bridge_ipfw

> I am able to ping all neighbors' interfaces from the BSD box (1.0.0.1, 2.0.0.1
> and 2.0.0.129).
> 
> My first problem was that I was not able to ping the 1.0.0.252 and 2.0.0.2
> interfaces on the server from the LAN host (2.0.0.129).
> After I enabled the BRIDGE option in the kernel, that became possible.
> 
> Then a new problem appeared - I cannot ping 1.0.0.1 and 2.0.0.1 from the LAN
> host (2.0.0.129).
> 
> All IP addresses that I am using are real (routable) IP addresses.
> 
> Where is my mistake?
> Why am I not able to pass through the BSD box?
> Are my network masks wrong, or am I missing something at the kernel/OS
> configuration level?

I believe that the problem is that you are trying to mix routing and
bridging. You should decide the FreeBSD box is going to do one or the
other.

> I have one more question too.
> How do I set up the box to work with 2 or more gateways and do dynamic
> routing?
> Can someone give me a URL devoted to this?
> Recommendations for gated settings will be appreciated too.

OK, it sounds like you want to do routing, then lose the
bridging. Actually break up that 2.0.0.0/24 into subnets.
-- 
Crist J. Clark                           cjclark@alum.mit.edu
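As an added example (not from the thread), a Python check built from the addresses in the diagram: it flags the two interfaces on the FreeBSD box whose subnets overlap (the ISDN 2.0.0.2/30 lies inside the LAN 2.0.0.252/24), shows which interfaces claim a given address, and computes the largest slice of the /24, after carving out the /30, that still holds both the LAN host and the box's LAN address. The interface names dsl, isdn and lan are assumed.

```python
from ipaddress import ip_address, ip_interface
from itertools import combinations

# Constructed from the diagram in the thread: the three interfaces on the
# FreeBSD box, written as address/prefix.  Interface names are assumed.
INTERFACES = {
    "dsl": "1.0.0.252/24",   # mask 255.255.255.0
    "isdn": "2.0.0.2/30",    # mask 255.255.255.252
    "lan": "2.0.0.252/24",   # mask 255.255.255.0
}


def overlapping_subnets(interfaces):
    """Return sorted (name_a, name_b) pairs whose attached networks overlap.

    Two interfaces on one router sharing address space is the error in the
    diagram: 2.0.0.0/30 on the ISDN link lies inside the LAN's 2.0.0.0/24.
    """
    nets = {n: ip_interface(a).network for n, a in interfaces.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))


def owning_interfaces(interfaces, host):
    """Names of every interface whose network contains host.

    More than one name means two interfaces on the box both claim the
    address, so the kernel cannot treat it as directly reachable on one.
    """
    ip = ip_address(host)
    return sorted(n for n, a in interfaces.items()
                  if ip in ip_interface(a).network)


def pick_lan_subnet(lan_addr, carve_out, hosts):
    """Carve the link subnet out of the LAN network and return the largest
    remaining piece that still holds every address in hosts (None if none).

    This follows the reply's advice: break the /24 into subnets so the LAN
    no longer claims the ISDN link's addresses.
    """
    lan = ip_interface(lan_addr).network
    carve = ip_interface(carve_out).network
    pieces = list(lan.address_exclude(carve)) if carve.subnet_of(lan) else [lan]
    needed = [ip_address(h) for h in hosts]
    fits = [p for p in pieces if all(h in p for h in needed)]
    return min(fits, key=lambda p: p.prefixlen) if fits else None
```

With the diagram's addresses, the LAN side comes out as 2.0.0.128/25 (mask 255.255.255.128), which still contains 2.0.0.129 and 2.0.0.252 but no longer overlaps the ISDN /30.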
