Date: Wed, 28 Jun 2000 13:40:46 -0400
From: "Rossen Raykov" <rraykov@sage-consult.com>
To: <cjclark@alum.mit.edu>
Cc: <FreeBSD-questions@FreeBSD.ORG>
Subject: Re: routing problem
Message-ID: <042701bfe127$fe1582e0$4c00000a@sage>
References: <01a701bfe08c$a8d8d890$4c00000a@sage> <20000627210456.H424@dialin-client.earthlink.net>

Hi,

First I've removed BRIDGING from the kernel (since I wish to do routing ;)
After that I've changed netmask for the LAN (2.0.0.0) to be 255.255.255.128
(the net mask for ISP 2 is still 255.255.255.252).
Finally I've disabled the ipfw using:
    sysctl -w net.inet.ip.fw.enable=0
to simplify the configuration.

As a result on the BSD box I am able to ping 1.0.0.1, 2.0.0.1 and 2.0.0.129.
From 2.0.0.129 I am able to ping 2.0.0.252, 2.0.0.2 and 1.0.0.252 but still I
am not able to ping either 1.0.0.1 or 2.0.0.1.
The default gateway on 2.0.0.129 is set to 2.0.0.252.

Why then is my routing/forwarding not working?!
It has to be simple but it seems I am missing something important and I can not
find it...

Any suggestions?

Thanks in advance,
Rossen

----- Original Message -----
From: <cristjc@earthlink.net>
To: <Rossen.Raykov@sage-consult.com>
Cc: <FreeBSD-questions@FreeBSD.ORG>
Sent: Wednesday, June 28, 2000 12:04 AM
Subject: Re: rouing problem

> On Tue, Jun 27, 2000 at 07:08:52PM -0400, Rossen Raykov wrote:
> > Hi all!
> >
> > I am trying to use FreeBSD as a gateway/firewall.
> > My network topology is like this one:
> >
> >
> >     ISP 1            ISP 2
> >
> >       ^                ^
> >       |                |
> >       |                |
> >   +-------+        +--------+
> >   |  DSL  |        |  ISDN  |
> >   +-------+        +--------+
> >   IP 1.0.0.1       IP 2.0.0.1
> >
> >         \              /
> >          \            /
> >
> >   IP 1.0.0.252         IP 2.0.0.2
> >   MASK 255.255.255.0   MASK 255.255.255.252
> >   -----------------------------------------
> >                 FreeBSD Box
> >   -----------------------------------------
> >                 IP 2.0.0.252
> >                 MASK 255.255.255.0
> >                      |
> >                      |
> >   -----------------------------------------
> >        L A N                   HOST
> >        NET 2.0.0.0             2.0.0.129
> >
> > I am running FreeBSD 4.0 and the kernel is compiled with the following
> > options: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, BRIDGE.
>
> Yikes.
>
> > In /etc/rc.conf the following options are defined:
> > firewall_enable="YES"
> > firewall_type="open"
> > gateway_enable="YES"
> > router_enable="YES"
> > kern_securitylevel_enabled="NO"
> >
> > As one can expect after that the firewall rules are:
> > allow ip from any to any via lo0
> > deny ip from any to 127.0.0.0/8
> > allow ip from any to any
> > deny ip from any to any
> >
> > Routing connected sysctl flags are:
> > net.inet.ip.forwarding=1
> > net.inet.ip.redirect=1
> > net.inet.ip.fw.enable=1
> > net.inet.ip.fw.one_pass=1
>
> Missing,
>
> net.link.ether.bridge
> net.link.ether.bridge_ipfw
>
> > I am able to ping all neighbors' interfaces from the BSD box (1.0.0.1, 2.0.0.1
> > and 2.0.0.129).
> >
> > My first problem was that I was not able to ping the 1.0.0.252 and 2.0.0.2
> > interfaces on the server from the LAN host (2.0.0.129).
> > After I enabled the BRIDGE option in the kernel that became possible.
> >
> > Then a new problem appeared - I cannot ping 1.0.0.1 and 2.0.0.1 from the LAN
> > host (2.0.0.129).
> >
> > All IP addresses that I am using are real (routable) IP addresses.
> >
> > Where is my mistake?
> > Why am I not able to pass thru the BSD box?
> > Are my network masks wrong or am I missing something on the kernel/os
> > configuration level?
>
> I believe that the problem is that you are trying to mix routing and
> bridging. You should decide the FreeBSD box is going to do one or the
> other.
>
> > I have one more question too.
> > How to set up the box to work with 2 or more gateways and to do dynamic
> > routing?
> > Can someone give me a URL devoted to this?
> > Recommendations for gated settings will be appreciated too.
>
> OK, it sounds like you want to do routing, then lose the
> bridging. Actually break up that 2.0.0.0/24 into subnets.
> --
> Crist J. Clark                           cjclark@alum.mit.edu
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
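
The addresses and masks quoted in this thread, run through an overlap check and a longest-prefix lookup over the directly connected networks. This is an added example, not part of either poster's message; the interface labels dsl, isdn and lan are hypothetical names, and the "revised" set uses the 255.255.255.128 LAN mask from the follow-up.

```python
import ipaddress
from itertools import combinations

# Interface label (hypothetical) -> (address, netmask) as given in the thread.
ORIGINAL = {
    "dsl":  ("1.0.0.252", "255.255.255.0"),
    "isdn": ("2.0.0.2",   "255.255.255.252"),
    "lan":  ("2.0.0.252", "255.255.255.0"),
}
# Same box after the follow-up change: only the LAN mask differs.
REVISED = dict(ORIGINAL, lan=("2.0.0.252", "255.255.255.128"))


def connected_networks(ifaces):
    """Derive the directly connected network of every interface."""
    return {name: ipaddress.ip_interface(f"{ip}/{mask}").network
            for name, (ip, mask) in ifaces.items()}


def overlapping(ifaces):
    """Pairs of interfaces whose connected networks share addresses."""
    nets = connected_networks(ifaces)
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]


def egress(ifaces, dest):
    """Interface chosen by longest-prefix match, or None if not connected."""
    dest = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name)
            for name, net in connected_networks(ifaces).items() if dest in net]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("revised", REVISED)):
        print(label, {n: str(net) for n, net in connected_networks(cfg).items()})
        print("  overlapping:", overlapping(cfg))
        for dest in ("1.0.0.1", "2.0.0.1", "2.0.0.129"):
            print(f"  {dest} -> {egress(cfg, dest)}")
```

With the original masks the ISDN link (2.0.0.0/30) sits inside the LAN's 2.0.0.0/24, which is the range the reply says to break into subnets; with the /25 LAN mask the three connected networks are disjoint.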