From: "Alaor Barroso de Carvalho Neto"
To: "Bill Moran"
Date: Fri, 23 Nov 2007 11:41:25 -0200
Cc: freebsd-questions@freebsd.org
Subject: Re: routing problem

2007/11/23, Bill Moran:
>
> "Alaor Barroso de Carvalho Neto" wrote:
> >
> > OK guys, I did some tests and I found the error; like you said, it's a
> > config problem with the routes. I thought the routed daemon would take
> > care of it for me, but it seems like it doesn't. Please, I ask you to
> > forget the scenario I described before; now what I have is:
> >
> > The DNS server now has the IP 192.168.1.1. But to make things easier
> > I installed it on the FreeBSD box that is going to be my gateway and
> > proxy machine, so the problem isn't about the DNS anymore.
> >
> > I work in a school and I now have this scenario: two local networks,
> > 192.168.1/24, an administrative network, and 192.168.2/24, an academic
> > network, plus I must have access to a network of another school with the
> > IP 10.10/16, because they share their database server with us. So the
> > FreeBSD machine has four network cards:
> >
> > em0 external world XXX.XXX.XXX.XXX
> > rl0 adm 192.168.1.80
> > rl1 acad 192.168.2.90
> > rl3 database 10.10.0.50
> >
> > They are all separated networks. What I want: 192.168.2 should only
> > access the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > 192.168.1 should access the internet and 10.10/16, but shouldn't access
> > the academic network. 10.10/16 should access only the 192.168.1 network,
> > but it's not a problem if they had access to internet too.
> >
> > How would I set up my rc.conf with my static routes?
>
> This is beyond the scope of routing. You'll need to install a packet
> filter. The best at this time is probably pf:
>
> http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
>
> http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
>
> --
> Bill Moran
> http://www.potentialtech.com
>

Yes, I have IPFILTER installed, but if I wanted everybody to ping everybody and then block things in the firewall, isn't that about routes? Because neither of my networks is pinging any other right now. By ping I mean have access. I thought it would have something to do with setting routes. BTW, my ipfilter now just passes everything because I'm building the server, but I already have a config file with the blocks that I would apply.
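
An added example, not part of the original message or of either poster's configuration: one way to express the access policy described above on the gateway with IPFilter, using the interface names and networks given in the message. The rules file path, the strict reading that 10.10/16 reaches only 192.168.1/24, and leaving out NAT (`ipnat`) for Internet access from the private ranges are assumptions.

```conf
# --- /etc/rc.conf (fragment) ---
# Forwarding between interfaces is what lets the networks reach each other.
# All four networks are directly connected, so the gateway needs no static
# routes for them (assumption: hosts on each network use this box as router).
gateway_enable="YES"
ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"   # assumed path

# --- /etc/ipf.rules ---
# "quick" makes a matching rule final; without it the last match wins.

# Local loopback traffic on the gateway itself.
pass  in quick on lo0 all

# Academic (rl1): Internet only.
block in quick on rl1 from 192.168.2.0/24 to 192.168.1.0/24
block in quick on rl1 from 192.168.2.0/24 to 10.10.0.0/16
pass  in quick on rl1 from 192.168.2.0/24 to any keep state

# Administrative (rl0): Internet and 10.10/16, not the academic network.
block in quick on rl0 from 192.168.1.0/24 to 192.168.2.0/24
pass  in quick on rl0 from 192.168.1.0/24 to any keep state

# Other school (rl3): administrative network only.
pass  in quick on rl3 from 10.10.0.0/16 to 192.168.1.0/24 keep state

# Traffic leaving the gateway; replies are matched by the state table.
pass  out quick all keep state

# Everything else arriving on any interface, including unsolicited
# traffic from the Internet on em0 and packets whose source address
# does not belong to the interface they arrived on, is dropped.
block in all
```

With only `gateway_enable="YES"` and a pass-everything ruleset, every network can reach every other; the isolation comes entirely from the `block` rules, which is why the policy belongs in the packet filter rather than in the routing table.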