From owner-freebsd-security Wed Jan 15 06:22:57 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id GAA04011 for security-outgoing; Wed, 15 Jan 1997 06:22:57 -0800 (PST)
Received: from seine.cs.umd.edu (10862@seine.cs.umd.edu [128.8.128.59]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id GAA04006 for ; Wed, 15 Jan 1997 06:22:55 -0800 (PST)
Received: by seine.cs.umd.edu (8.8.4/UMIACS-0.9/04-05-88) id JAA03779; Wed, 15 Jan 1997 09:22:54 -0500 (EST)
Date: Wed, 15 Jan 1997 09:22:54 -0500 (EST)
From: rohit@cs.umd.edu (Rohit Dube)
Message-Id: <199701151422.JAA03779@seine.cs.umd.edu>
To: security@freebsd.org
Subject: Firewall and FreeBSD CIDR
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[I am not sure if this belongs here, but there is no freebsd-net list..]

Hi,

I have a block of 32 globally routable addresses which I split into two blocks of 16 in order to set up a firewall from the internal machines to the external router.

From the FreeBSD firewall machine, I can 'see' both the internal network and the outside. But, the firewall machine refuses to route any packets across it. (Yes the firewall functionality is turned off, ip forwarding is enabled and the subnet masks are set correctly).

Instead of subnetting at the firewall, if I use an RFC 1918 (10.0.0.X) address between the firewall and the external router, everything works just fine.

Does this mean that FreeBSD doesn't do CIDR correctly? Anybody see this before? I have been tearing my hair over this for a while now...

Thanks.
--rohit.

PS:
[ext. router] -------X |firewall| X-------- [internal machines]