From owner-freebsd-net Tue Oct 24 9:45:33 2000
Delivered-To: freebsd-net@freebsd.org
Received: from mail.biographix.com (unknown [207.236.111.133])
    by hub.freebsd.org (Postfix) with ESMTP id B429A37B479
    for ; Tue, 24 Oct 2000 09:45:30 -0700 (PDT)
Received: from bottleneck2000 ([192.168.1.12])
    by mail.biographix.com (8.11.1/8.11.1) with SMTP id e9OJR8r08004
    for ; Tue, 24 Oct 2000 15:27:09 -0400 (EDT)
Message-ID: <01a101c03dda$32423ae0$0c01a8c0@bottleneck2000>
From: "Elliott Perrin"
To:
Subject: Three interface routing problem
Date: Tue, 24 Oct 2000 12:48:11 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Wondering if anyone can shed some light on how to do this properly.

I am using FreeBSD 4.0 on a machine configured as a firewall. I have been trying to set it up so that I can have three interfaces, one to live web servers, one to carrier and one to LAN.

Current interface configuration is

xl0 192.168.1.1 netmask 255.255.255.0
xl1 xxx.xxx.xxx.115 netmask 255.255.255.248
xl2 xxx.xxx.xxx.129 netmask 255.255.255.240

xl2 goes to carrier, xl1 goes to web servers (DMZ), and xl0 is pretty obvious. The first three octets of xl1 and xl2 are the same.

Here is the problem experienced: when I connect the network to xl0, the local LAN can reach our DMZ, but cannot reach the Internet. The web servers remain live to the Internet and to the LAN, and I can reach the outside world from the web servers.

I have done this with all ipfw rules flushed to be sure that is not the ruleset, and NATD is running in -u with the address of the xl2 interface (out to carrier) specified as the address to translate to.

Within Sysctl

net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1

Any hints as to what I am missing? I figure I gotta be missing something here.

Cheers
________________________________________
Elliott Perrin
eperrin@bigorbit.com
[t] 416.516.0705 ext 25
[f] 416.516.9256