Date:      Fri, 10 Jul 1998 20:07:55 +0200
From:      Palle Girgensohn <girgen@partitur.se>
To:        freebsd-isp@FreeBSD.ORG
Subject:   Help: bridge router trouble
Message-ID:  <35A6587B.D5F4F228@partitur.se>

Hello,

I have a problem setting up a fbsd machine as a packet filtering router.
It just won't route properly. 

Now the net looks like this:

x.y.z.193  is my isp's router and we connect directly to it. No problem.
Our network is x.y.z.192/26

The new order that I want is this:
                                          enet
               enet                        |----
                 |                         |
--------------   |   ---------------       |----
|isp's router|   |   |fbsd machine |       |      our LAN
|    A       |---|---|      B      |-------|         C
--------------   |   ---------------       |---- 
       x.y.q.45  |  x.y.q.46   x.y.z.193   |    x.y.z.n
                

That is, we "insert" a small ip net (x.y.q.44/30) between and add a
second router, the FreeBSD machine. B has two NICs. A bridge! Pretty
basic. :)

I have set up the fbsd machine in a testbed like the one above, with
another fbsd as .45, and it worked well, pinging and telnetting in all
directions. I rebooted it to see that rc.conf was correct, and it was.
Rebooted again, and connected it live to the isp's router at the same
time that they changed from x.y.z.193 to x.y.q.45.

From B, I could ping A, but A couldn't ping B!

From C both interfaces' IPs on B were seen, but C couldn't ping A.

B was set up with a default route to A, and C with a default to B. 

A is a cisco router, that's all I know.

Here's some info on B:
>sysctl net.inet.ip.forwarding gives 1.

I also tried turning ip forwarding off, and shutting down the internal
interface with ifconfig, but to no avail. I could still ping from B to
A, but not from A to B. What's happening?

>ipfw list gives:
65000 allow ip from any to any
65535 deny ip from any to any

>uname -a
FreeBSD gw.partitur.se 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Fri Jun 12
22:41:10 CEST 1998    
root@trumpet.partitur.se:/usr/src/sys/compile/PALLEDIKET  i386



I've tried running with and without 'routed', but it wouldn't matter,
right?

Here are relevant parts of rc.conf:

...

firewall_enable="YES" 
firewall_type="/etc/firewall.conf" 
firewall_quiet="NO"
tcp_extensions="NO"
network_interfaces="fxp0 fxp1 lo0" 
ifconfig_fxp0="inet x.y.z.193 netmask 0xffffffc0"
ifconfig_fxp1="inet x.y.q.46  netmask 0xfffffffc"
ifconfig_lo0="inet 127.0.0.1"   # default loopback device configuration.

defaultrouter="x.y.q.45" 
static_routes="" 
gateway_enable="YES"
router_enable="YES" 
router="routed"
router_flags="" 
mrouted_enable="NO" 
mrouted_flags="" 

forward_sourceroute="NO"
accept_sourceroute="NO" 



Relevant parts of the kernel config:
options         MROUTING                #Multicast routing
options         IPFIREWALL
options         IPFIREWALL_VERBOSE
options         "IPFIREWALL_VERBOSE_LIMIT=100"
options         IPDIVERT



/etc/firewall.conf:
add 65000 allow ip from any to any

(for now anyway ;-)


Phew, that was exhausting ;-)

Any ideas? I must be missing some tweaky setting, eh?

Regards,
Palle
