From: Gary Aitken
To: Vince Hoffman
Cc: 'Gary Aitken', questions@freebsd.org
Date: Thu, 29 May 2003 11:19:28 -0600
Message-ID: <3ED64120.3070607@dreamchaser.org>
References: <3500515B75D9D311948800508BA37955014BDB96@EX-LONDON>
Subject: Re: DSL router when what I need is a bridge; ARP problem?

> If I've understood you correctly you want to join two separate physical
> network segments on the same subnet using the FreeBSD box.
>
> Since the join is the FreeBSD box then getting that to bridge the two
> NICs should work (assigning an IP to one if needed.)
> Otherwise you'll need some more routes and to make things more complex,
> a working example that I have in use (wanted to firewall a class C but
> was supplied with a managed router as .1 and didn't want to use bridging.)
> The router and firewall's router-side NIC have a .252 netmask (subnet of
> .1 and .2); the router (.1) has a static route of x.y.z.0/24 via .2
> (firewall's external NIC); the firewall has .1 as its default route. The
> rest of the class C has the firewall's other NIC (.194 for no good reason)
> as default route.

This is basically what I have set up. Unfortunately, the router box in question, a Cisco 678 DSL modem, doesn't do its routing job correctly, and instead of forwarding packets via the (.2 in your case) firewall's external network interface, queries that network looking for a direct connection to the destination host. According to the arp man page, arp should make it possible for the firewall to handle this request, but it isn't. If the firewall would pass its own (.2 in your case) Ethernet address as a proxy for the requested internal host, the router would send the packet to the firewall, which would then forward it appropriately.

Gary
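The behaviour Gary is after is proxy ARP: the firewall's external NIC answers the router's ARP request for an internal host with its own MAC, so the router hands the frame to the firewall, which then routes it inward. The following Python model is an added example written for this thread, not code from either poster or from FreeBSD; it builds and parses raw ARP packets and applies the proxy decision for the topology described (router .1 and firewall .2 on a /30, a class-C-sized block behind the firewall). All addresses, MACs and the network prefixes are constructed for the example.

```python
"""Proxy-ARP decision model for the firewall's external NIC.

Given a raw ARP request seen on the router-side segment, decide whether the
firewall should answer on behalf of an internal host and, if so, produce the
reply claiming the firewall's own MAC.  Constructed example values throughout.
"""
import ipaddress
import struct

# Constructed example values (not from the original mail).
FIREWALL_EXT_MAC = bytes.fromhex("0200c0000202")          # made-up locally administered MAC
ROUTER_LINK = ipaddress.IPv4Network("192.0.2.0/30")       # router .1 and firewall .2 (.252 mask)
INTERNAL_NET = ipaddress.IPv4Network("192.0.2.0/24")      # class-C-sized block behind the firewall

ARP_REQUEST, ARP_REPLY = 1, 2
# Ethernet/IPv4 ARP body: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa (28 bytes)
ARP_FMT = "!HHBBH6s4s6s4s"


def build_arp(oper, sha, spa, tha, tpa):
    """Serialise one ARP packet (no Ethernet header)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa.packed, tha, tpa.packed)


def make_request(sender_mac, sender_ip, target_ip):
    """Convenience: an ARP who-has for target_ip from sender_mac/sender_ip."""
    return build_arp(ARP_REQUEST, sender_mac, ipaddress.IPv4Address(sender_ip),
                     b"\x00" * 6, ipaddress.IPv4Address(target_ip))


def parse_arp(pkt):
    """Parse an ARP packet into a dict; reject anything that is not Ethernet/IPv4 ARP."""
    size = struct.calcsize(ARP_FMT)
    if len(pkt) < size:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha, "spa": ipaddress.IPv4Address(spa),
            "tha": tha, "tpa": ipaddress.IPv4Address(tpa)}


def should_proxy(tpa):
    """Answer only for hosts behind the firewall: inside the internal block but
    not on the router/firewall link itself, where hosts answer for themselves."""
    return tpa in INTERNAL_NET and tpa not in ROUTER_LINK


def proxy_arp_reply(request_bytes):
    """Return the reply bytes the firewall should send for this request,
    or None when it must stay silent (not a request, or not a proxied host)."""
    req = parse_arp(request_bytes)
    if req["oper"] != ARP_REQUEST or not should_proxy(req["tpa"]):
        return None
    # The reply claims the firewall's own MAC for the internal host's IP, so the
    # router sends the packet to the firewall, which then forwards it inward.
    return build_arp(ARP_REPLY, FIREWALL_EXT_MAC, req["tpa"], req["sha"], req["spa"])


if __name__ == "__main__":
    router_mac = bytes.fromhex("0200c0000201")             # constructed router MAC
    req = make_request(router_mac, "192.0.2.1", "192.0.2.200")
    rep = proxy_arp_reply(req)
    print(parse_arp(rep) if rep else "no reply")
```

On a real FreeBSD box the same effect comes from the arp(8) man page Gary cites: `arp -s <internal-host> <firewall-ext-mac> pub` publishes a proxy entry for one host (the exact flags for your release are in that man page). The decision function above mirrors what such entries should cover: only hosts the firewall actually fronts, never the router-side link itself.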