From owner-freebsd-isp Fri Jul 10 11:09:29 1998
Message-ID: <35A6587B.D5F4F228@partitur.se>
Date: Fri, 10 Jul 1998 20:07:55 +0200
From: Palle Girgensohn
Organization: Partitur
To: freebsd-isp@FreeBSD.ORG
Subject: Help: bridge router trouble

Hello,

I have a problem setting up a fbsd machine as a packet filtering router.
It just won't route properly.

Now the net looks like this: x.y.z.193 is my isp's router and we connect
directly to it. No problem. Our network is x.y.z.192/26

The new order that I want is this:

                    enet                      enet
                                               |----
                     |                         |
    --------------   |   ---------------       |----
    |isp's router|   |   |fbsd machine |       |  our LAN
    |     A      |---|---|      B      |-------|  C
    --------------   |   ---------------       |----
       x.y.q.45      | x.y.q.46    x.y.z.193   | x.y.z.n

That is, we "insert" a small ip net (x.y.q.44/30) between and add a
second router, the FreeBSD machine. B has two NICs. A bridge! Pretty
basic. :)

I have set up the fbsd machine in a testbed like the one above, with
another fbsd as .45, and it worked well, pinging and telnetting in all
directions. I rebooted it to see that rc.conf was correct, and it was.
Rebooted again, and connected it live to the isp's router at the same
time that they changed from x.y.z.193 to x.y.q.45.

From B, I could ping A, but A couldn't ping B!
From C both interfaces' IPs on B were seen, but C couldn't ping A.

B was set up with a default route to A, and C with a default to B. A is
a Cisco router, that's all I know.

Here's some info on B:

>sysctl net.inet.ip.forwarding

gives 1. I also tried turning ip forwarding off, and shutting down the
internal interface with ifconfig, but to no avail. I could still ping
from B to A, but not from A to B. What's happening?

>ipfw list

gives:

65000 allow ip from any to any
65535 deny ip from any to any

>uname -a
FreeBSD gw.partitur.se 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Fri Jun 12 22:41:10 CEST 1998 root@trumpet.partitur.se:/usr/src/sys/compile/PALLEDIKET i386

I've tried running with and without 'routed', but wouldn't matter,
right?

Here are relevant parts of rc.conf:

...
firewall_enable="YES"
firewall_type="/etc/firewall.conf"
firewall_quiet="NO"
tcp_extensions="NO"
network_interfaces="fxp0 fxp1 lo0"
ifconfig_fxp0="inet x.y.z.193 netmask 0xffffffc0"
ifconfig_fxp1="inet x.y.q.46 netmask 0xfffffffc"
ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
defaultrouter="x.y.q.45"
static_routes=""
gateway_enable="YES"
router_enable="YES"
router="routed"
router_flags=""
mrouted_enable="NO"
mrouted_flags=""
forward_sourceroute="NO"
accept_sourceroute="NO"

Relevant parts of the kernel config:

options MROUTING #Multicast routing
options IPFIREWALL
options IPFIREWALL_VERBOSE
options "IPFIREWALL_VERBOSE_LIMIT=100"
options IPDIVERT

/etc/firewall.conf:

add 65000 allow ip from any to any

(for now anyway ;-)

Phew, that was exhausting ;-)

Any ideas? I must be missing some tweaky setting, eh?

Regards,
Palle