From owner-freebsd-net  Tue Oct 24  9:45:33 2000
Message-ID: <01a101c03dda$32423ae0$0c01a8c0@bottleneck2000>
From: "Elliott Perrin" <eperrin@bigorbit.com>
To: <freebsd-net@freebsd.org>
Subject: Three interface routing problem
Date: Tue, 24 Oct 2000 12:48:11 -0400

Wondering if anyone can shed some light on how to do this properly. I am
using FreeBSD 4.0 on a machine configured as a firewall. I have been trying
to set it up so that I can have three interfaces, one to live web servers,
one to carrier and one to LAN. Current interface configuration is:

xl0 192.168.1.1 netmask 255.255.255.0
xl1 xxx.xxx.xxx.115  netmask 255.255.255.248
xl2 xxx.xxx.xxx.129 netmask 255.255.255.240

xl2 goes to carrier, xl1 goes to web servers (DMZ), and xl0 is pretty
obvious. The first three octets of xl1 and xl2 are the same.

Here is the problem experienced: when I connect the network to xl0 the local
LAN can reach our DMZ, but cannot reach the Internet. The web servers remain
live to the Internet and to the LAN and I can reach the outside world from
the web servers. I have done this with all ipfw rules flushed to be sure that
is not the ruleset and NATD is running in -u with the address of the xl2
interface (out to carrier) specified as the address to translate to.

Within Sysctl

net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1

Any hints as to what I am missing? I figure I gotta be missing something
here.

Cheers
________________________________________
Elliott Perrin
eperrin@bigorbit.com
[t] 416.516.0705 ext 25
[f] 416.516.9256


