Date:      Fri, 23 Nov 2007 12:33:26 -0200
From:      "Alaor Barroso de Carvalho Neto" <alaorneto@gmail.com>
To:        "Bill Moran" <wmoran@potentialtech.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: routing problem
Message-ID:  <2949641c0711230633t562adcd6j4792f72719ca9bf6@mail.gmail.com>
In-Reply-To: <20071123091111.e5cfa679.wmoran@potentialtech.com>
References:  <2949641c0711210609xc9fcb89t8217cd0995d1c86b@mail.gmail.com> <474440FC.5090901@ibctech.ca> <2949641c0711210644y3ffe8d19ub409b581971e2b1d@mail.gmail.com> <2949641c0711210646p7ded7321g66c4978bb56f1868@mail.gmail.com> <47444C3C.3000003@ibctech.ca> <2949641c0711230452t202d4875k821d5ff753ca0307@mail.gmail.com> <20071123083415.838efb76.wmoran@potentialtech.com> <2949641c0711230541l1d031b93t6f095b7e0853577d@mail.gmail.com> <20071123091111.e5cfa679.wmoran@potentialtech.com>


2007/11/23, Bill Moran <wmoran@potentialtech.com>:
>
> "Alaor Barroso de Carvalho Neto" <alaorneto@gmail.com> wrote:
> >
> > 2007/11/23, Bill Moran <wmoran@potentialtech.com>:
> > >
> > > "Alaor Barroso de Carvalho Neto" <alaorneto@gmail.com> wrote:
> > > >
> > > > OK guyz, I did some tests and I found the error, like you said, it's a
> > > > config problem with the routes, I thought the routed daemon would take care
> > > > of it for me but it seems like it doesn't. Please I ask you to forget the
> > > > scenario I said before, now what I have is:
> > > >
> > > > The dns server is now with the IP 192.168.1.1. But to turn things more easy
> > > > I installed it in the FreeBSD box that is gonna be my gateway and proxy
> > > > machine, so the problem isn't about the dns anymore.
> > > >
> > > > I work in a school and I have now this scenario: two local networks,
> > > > 192.168.1/24, an administrative network and 192.168.2/24, an academic
> > > > network, plus I must have access to a network of other school with the ip
> > > > 10.10/16, because they share their database server with us. So the FreeBSD
> > > > machine has four network cards:
> > > >
> > > > em0 external world XXX.XXX.XXX.XXX
> > > > rl0 adm 192.168.1.80
> > > > rl1 acad 192.168.2.90
> > > > rl3 database 10.10.0.50
> > > >
> > > > They are all separated networks. What I want: 192.168.2 should only access
> > > > the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > > > 192.168.1 should access the internet and
> > > > 10.10/16, but shouldn't access the academic network. 10.10/16 should access
> > > > only the 192.168.1 network, but it's not a problem if they had access to
> > > > internet too.
> > > >
> > > > How I would set up my rc.conf with my static routes?
> > >
> > > This is beyond the scope of routing.  You'll need to install a packet
> > > filter.  The best at this time is probably pf:
> > >
> > >
> > > http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
> > >
> > > http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
> >
> > Yes, I have IPFILTER installed, but if I would want to everybody ping to
> > everybody and then block the things in the firewall, it isn't about routes?
> > because neither of my networks are pinging to any other right now. By ping
> > I mean have access. I thought it would have something to do with setting
> > routes. BTW, my ipfilter now just pass everything because I'm building the
> > server, but I already have a config file with the blocks that I would apply.
>
> That's a completely different scenario than the one you described in
> your previous message.
>
> Do you have gateway_enable="YES" in /etc/rc.conf?
>
> --
> Bill Moran
> http://www.potentialtech.com
>

Yeah, I know, I was trying to make it work with only adm and external, but
the real scenario I have is this. Yes I have this line, my rc.conf is like
this:
[...]
gateway_enable="yes"
defaultrouter="XXX.XXX.XXX.158" (the external ip)
ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
[...]

I don't know if that matters, but should the yes be YES for things to work? I'd
kill myself if this is the problem.
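
A pf.conf ruleset expressing the access policy described in the quoted message, given as an added example that is not from any participant in the thread. Interface names and subnets come from the message; rl2 for the database network and a DNS resolver listening on the gateway's own LAN addresses are assumptions.

```pf
# Constructed example for the policy in the message above (pf.conf syntax).
# Macros: interface names and subnets as given in the message.
ext_if   = "em0"
adm_if   = "rl0"
acad_if  = "rl1"
db_if    = "rl2"             # assumption: rc.conf says rl2, the list says rl3
adm_net  = "192.168.1.0/24"
acad_net = "192.168.2.0/24"
db_net   = "10.10.0.0/16"

# Every internal prefix; "! <internal>" below means "the internet".
table <internal> const { 192.168.1.0/24, 192.168.2.0/24, 10.10.0.0/16 }

set skip on lo0
scrub in all

# Only the two private LANs are translated on the way out.
nat on $ext_if from { $adm_net, $acad_net } to any -> ($ext_if)

# Default deny: gateway_enable forwards packets, these rules decide which ones.
block log all
antispoof quick for { $adm_if, $acad_if, $db_if }

# Assumption: the DNS resolver runs on the gateway and answers on its LAN addresses.
pass in on $adm_if  proto { tcp, udp } from $adm_net  to ($adm_if)  port 53 keep state
pass in on $acad_if proto { tcp, udp } from $acad_net to ($acad_if) port 53 keep state

# Academic network: internet only.
pass in on $acad_if from $acad_net to ! <internal> keep state

# Administrative network: internet and the database network.
pass in on $adm_if from $adm_net to ! <internal> keep state
pass in on $adm_if from $adm_net to $db_net keep state

# Database network: administrative network only.
pass in on $db_if from $db_net to $adm_net keep state

# Anything admitted above, and the gateway's own traffic, may leave.
pass out keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it. Hosts on 10.10/16 still need a route to 192.168.1.0/24 via 10.10.0.50 for replies to return; the filter permits the flow but does not create that route.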

