From owner-freebsd-questions@FreeBSD.ORG  Thu Feb  8 13:34:42 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 4CDB716A51C
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 13:34:38 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from mx00.pub.collaborativefusion.com
	(mx00.pub.collaborativefusion.com [206.210.89.199])
	by mx1.freebsd.org (Postfix) with ESMTP id D772C13C481
	for <freebsd-questions@freebsd.org>;
	Thu,  8 Feb 2007 13:34:37 +0000 (UTC)
	(envelope-from wmoran@collaborativefusion.com)
Received: from vanquish.pgh.priv.collaborativefusion.com
	(vanquish.pgh.priv.collaborativefusion.com [192.168.2.61])
	(SSL: TLSv1/SSLv3,256bits,AES256-SHA)
	by wingspan with esmtp; Thu, 08 Feb 2007 08:34:37 -0500
	id 00056405.45CB26ED.000153AC
Date: Thu, 8 Feb 2007 08:34:36 -0500
From: Bill Moran <wmoran@collaborativefusion.com>
To: George.Vanev@gmail.com
Message-Id: <20070208083436.14bcef3f.wmoran@collaborativefusion.com>
In-Reply-To: <6f4f57f60702080514n388e435fmfa7d46e10723be77@mail.gmail.com>
References: <6f4f57f60702080210m5d3ffbc1o33105f1b75564963@mail.gmail.com>
	<20070208080613.9eb65d64.wmoran@collaborativefusion.com>
	<6f4f57f60702080514n388e435fmfa7d46e10723be77@mail.gmail.com>
Organization: Collaborative Fusion
X-Mailer: Sylpheed 2.3.0 (GTK+ 2.10.7; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: Routing problem
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Feb 2007 13:34:43 -0000

In response to "George Vanev" <george.vanev@gmail.com>:

> On 2/8/07, Bill Moran <wmoran@collaborativefusion.com> wrote:
> >
> > In response to "George Vanev" <george.vanev@gmail.com>:
> >
> > > I have FreeBSD 6.2 box with 1 NIC and 2 IPs.
> > > The first IP is to access internet, the second
> > > is for the ISP's LAN.
> > > Unfortunately I have internet, but no access to
> > > the other network.
> > >
> > > I made a test. I assigned to the NIC only the local
> > > IP and removed the defaultrouter. Then, of course,
> > > I have no internet but was able to access the ISP's
> > > network.
> > >
> > > I've tried everything I know, but still nothing
> >
> > Consider providing more details, such as the output of ifconfig and
> > netstat -rn.
> >
> > Sure sounds like a routing issue, but I doubt anyone can say anything
> > more without details.
> 
> You are right.
> 
> ifconfig
> ----------
> rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet 212.25.37.96 netmask 0xffffff00 broadcast 212.25.37.255
>         inet 192.168.67.41 netmask 0xfffffc00 broadcast 192.168.67.255
>         ether 00:17:31:e7:92:18
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> rl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:50:bf:d5:f1:33
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> 
> 
> 
> 
> Routing tables
> 
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            212.25.37.1        UGS         0   458268    rl0
> 10/24              link#2             UC          0        0    rl1
> 10.0.0.2           00:15:60:ae:f7:61  UHLW        1   231827    rl1    922
> 10.0.0.3           00:17:08:2d:08:26  UHLW        1     1686    rl1   1004
> 10.0.0.255         ff:ff:ff:ff:ff:ff  UHLWb       1       67    rl1
> 127.0.0.1          127.0.0.1          UH          0        0    lo0
> 192.168.64/22      link#1             UC          0        0    rl0
> 192.168.64.1       00:02:a5:90:a9:b6  UHLW        1        0    rl0   1200
> 192.168.64.3       00:17:08:58:83:8d  UHLW        1        0    rl0   1113
> 212.25.37          link#1             UC          0        0    rl0
> 212.25.37.1        00:02:a5:90:a9:b6  UHLW        2        0    rl0   1195
> In this case I can't access nothing from 192.168.64/22

Nothing?  You're able to arp 192.168.64.1 and 192.168.64.3, can you ping
them?

Since you have an RFC-1918 address on both the inside and the outside, I
assume you're running nat on this machine to translate internal machine
traffic.  It looks like you have all the routes you need, so my _guess_
at this point is that when the public address is up, the nat is preventing
traffic from going out that interface without being translated.  Once it
has a public address, it can't route properly on the 192.168.64/22 space.

Have a look at what you're using for nat.  If you can't see anything
obviously at odds, post your nat/firewall/related config.

-- 
Bill Moran
Collaborative Fusion Inc.