From owner-freebsd-net@FreeBSD.ORG  Wed Sep 27 14:08:41 2006
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
X-Original-To: freebsd-net@freebsd.org
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 71FEC16A4AB
	for <freebsd-net@freebsd.org>; Wed, 27 Sep 2006 14:08:41 +0000 (UTC)
	(envelope-from marko.lerota@claresco.hr)
Received: from mxout2.iskon.hr (mxout2.iskon.hr [213.191.128.81])
	by mx1.FreeBSD.org (Postfix) with SMTP id 07C9643D98
	for <freebsd-net@freebsd.org>; Wed, 27 Sep 2006 14:08:10 +0000 (GMT)
	(envelope-from marko.lerota@claresco.hr)
Received: (qmail 26217 invoked from network); 27 Sep 2006 16:08:09 +0200
X-Remote-IP: 213.191.142.124
Received: from unknown (HELO mx.iskon.hr) (213.191.142.124)
	by mxout2.iskon.hr with SMTP; 27 Sep 2006 16:08:09 +0200
Received: (qmail 6288 invoked from network); 27 Sep 2006 16:08:09 +0200
X-Remote-IP: 213.191.139.213
Received: from tirnanog.iskon.hr (213.191.139.213)
	by mx.iskon.hr with SMTP; 27 Sep 2006 16:08:08 +0200
Received: (qmail 21221 invoked by uid 1001); 27 Sep 2006 14:08:03 -0000
To: "Bruce M. Simpson" <bms@FreeBSD.org>
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAJFBMVEWgnbRLVpRNVY9jMRPh
	s21jSlEyNVX45Mv4zI+sbUclFAtMVpT8V0lFAAACZ0lEQVR4nG3Tv2vbQBQHcFMogWyeNeVK
	BLXGl5j6xnABOaNTuXFGmWpwtw519yj4soW6AatT4GKD3+aDZrl/rt/Tr9qlGiz7Pn7v3bsf
	HVc/NrIiSfElqH53GgijcCqzk/+AmBF5cN0DsFlIRGMh/oHuqxkTM6VlzB4EoZEs2aSZOASb
	EQJYZpweQshE697GTDndBXtgp9LIT9+OpDGHEfb9knk+nx+jfN1JCVZMCl6XwFm0a2EXztZD
	3s4fj47ZbKI2VeBmJImeEfGLJ+M9sDPilX7IB5rN6sdfcGhuoHU+LC4nxfnI7YOJtdb95Gb+
	fbgJ2uJ2ZgaA++f5ZzBqNCCYfMTd5q0BfBVNqm7I8gUjQ+YtXotRW6PH9AEj+dKs/KuNQAl5
	o/NY+QkonW8aQAl0oXMYPvRiXIM4pRJifbXytnhTA8alBx/jefG2ar3DBlt34/PXz9M+nMVN
	iNaPUdCApJc2ItejOmLGoK1qQLV9pJmXBnL10DYoBA5aHNfj8ZNwZa5O4CzgTJeilKJmrQJs
	IHIt1/7/Sg2p3iq/Hz0/5W05rq4M9aN2B5FLohUP4ylVyfxhEIjAs8J4PhIJ9U+CEroogib5
	BXAf7bB4vkfAzgPFt1tM9sJZAOH+lCexhwswuNtim4QTZdokqo4o89LkH7V6iFxICeqfp+Wh
	fmUuGPunLj2Meti6Cn4DjJ/UReROqR+aqawAi/JkfgKE64rrfkhjU8MtT8ivR4S5n6Yo08A7
	HvgAlHDWRSGlNSDxwK9HtXy4FS2I60EdUIJM+Ut9OZNJG4CpbEQW1VBQoQoPuBw2EVa4P0u0
	TgzQF+VoAAAAAElFTkSuQmCC
In-Reply-To: <451A7A50.7090803@FreeBSD.org> (Bruce M. Simpson's message of
	"Wed, 27 Sep 2006 14:19:12 +0100")
References: <86d59h4syy.fsf@sparrow.local> <451A7A50.7090803@FreeBSD.org>
Organization: *BSD Users - Fanatics Dept.
X-Request-PGP: <http://ds.carnet.hr:11371/pks/lookup?op=get&search=0x8DA6D56D17E52A51>
X-GNUPG-Fingerprint: CF5E 6862 2777 A471 5D2E  0015 8DA6 D56D 17E5 2A51
From: Marko Lerota <marko.lerota@zg.t-com.hr>
Date: Wed, 27 Sep 2006 16:08:03 +0200
Message-ID: <8664f94d30.fsf@sparrow.local>
User-Agent: Gnus/5.1008 (Gnus v5.10.8) Emacs/21.3 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: freebsd-net@freebsd.org
Subject: Re: problem with routnig
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Sep 2006 14:08:41 -0000

"Bruce M. Simpson" <bms@FreeBSD.org> writes:

> Marko Lerota wrote:
>> route_lan2="-net 192.168.2.0 -netmask 255.255.255.0 -iface xl0"
>> route_lan2="-net 192.168.2.0 -netmask 255.255.255.0 192.168.1.1"
>>
> Neither of these subnet routes should be necessary as 192.168.2.0/24
> is already directly connected via fxp0.
>
> Do you still see the problem without this route installed?

Yes

I'm trying to do this

                                       FreeBSD BOX
LAN 192.168.2.0/24 ---> switch0 ---> fxp0 192.168.2.71
                                     xl0 192.168.1.70 ---> switch1 ---> GW 192.168.1.1 

I want to intercept every packet from network, and don't allow LAN users
to go directly to gateway. Gateway is phisically removed from LAN users.
The only link is through FreeBSD box. Maybe this is, how they call it
"transparent proxy or Intercepting proxy" ?

-- 
One cannot sell the earth upon which the people walk
                               			Tacunka Witco