From owner-freebsd-questions Thu Oct 11 9:20:23 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from kanawha.cnpapers.net (kanawha.cnpapers.net [208.247.228.5]) by hub.freebsd.org (Postfix) with ESMTP id 1F48237B407 for ; Thu, 11 Oct 2001 09:20:14 -0700 (PDT)
Received: from is-ua2.cnpapers.com (fw162.cnpapers.net [208.247.228.162]) by kanawha.cnpapers.net (8.9.3/8.8.7) with ESMTP id MAA15090 for ; Thu, 11 Oct 2001 12:30:39 -0400
Message-Id: <5.1.0.14.2.20011011121616.041a9ad8@mail.cnpapers.com>
X-Sender: jholstein@mail.cnpapers.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 11 Oct 2001 12:20:44 -0400
To: freebsd-questions@freebsd.org
From: "John Holstein, IS"
Subject: Re: gateway and multiple subnets update
In-Reply-To: <5.1.0.14.2.20011011085700.0424d628@mail.cnpapers.com>
References: <20011010203259.S387@blossom.cjclark.org> <5.1.0.14.2.20011010141951.0419e750@mail.cnpapers.com> <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com> <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com> <20011009232857.D387@blossom.cjclark.org> <5.1.0.14.2.20011010141951.0419e750@mail.cnpapers.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

At 08:59 AM 10/11/2001 -0400, you wrote:
>At 08:32 PM 10/10/2001 -0700, you wrote:
>>On Wed, Oct 10, 2001 at 02:47:16PM -0400, John Holstein, IS wrote:
>> > At 11:28 PM 10/9/2001 -0700, you wrote:
>>
>>[snip]
>>
>> > >So, are you saying the real picture is,
>> > >
>> > >  192.168.0.x -----}
>> > >  192.168.1.x -----}
>> > >                   }--Cisco Router--|ed0 FreeBSD GW ed1|---- internet
>> > >  192.9.200.x -----}
>> > >  192.9.205.x -----}
>> >
>> > This is exactly what I need to do.
>> >
>> > >If that's the case, you just need to add the routes on the FreeBSD
>> > >gateway,
>> > >
>> > >  # route add net 192.168.0.0
>> > >  # route add net 192.168.1.0
>> > >  # route add net 192.168.200.0
>> > >  # route add net 192.168.205.0
>> > >
>> > >Where is the IP address of the router's interface on
>> > >the network with the FreeBSD box's ed0.
>> > >
>> > >To load these at boot, put something like,
>> > >
>> > >  static_routes="0 1 200 205"
>> > >  route_0="net 192.168.0.0 "
>> > >  route_1="net 192.168.0.0 "
>> > >  route_200="net 192.168.200.0 "
>> > >  route_205="net 192.168.205.0 "
>> > >
>> > >In rc.conf(5).
>> >
>> > I think I am missing something. I have done the above, completely,
>> > including adding the routes to rc.conf but if I sit a box on _any_ subnet
>> > other than 192.9.200 (the same subnet as ed0), I cannot get out.
>>
>>OK, then the picture is not right. It should be (?),
>>
>>  192.168.0.x --}
>>  192.168.1.x --}-Cisco Router-{ 192.9.200.x }-|ed0 FreeBSD GW ed1|-
>> internet
>>  192.9.205.x --}
>>
>>In this case, you need to take the references to 192.9.205.0 out of
>>the routing stuff. (Sorry about the "192.168" typos where I should have
>>put "192.9" in there. 192.9.205.0 is owned by Sun Microsystems,
>>BTW. That you?)
>>
>>I'm sensing that you may not have your various networks properly
>>subnetted here. Could _you_ draw us a picture with all of the
>>networks (including masks) and gateways?
>>--
>>Crist J. Clark cjclark@alum.mit.edu
>> cjclark@jhu.edu
>> cjc@freebsd.org
>
>
>
>At http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bridging.html
>down near section:
>17.3.3.3 Firewall Support
>
>It is mentioned that a firewall option should be enabled to handle non-ip
>bridging. Where does the option IPFIREWALL_DEFAULT_TO_ACCEPT go? ipf.rules?
>
>
>
>John Holstein
>
>

I am now able to ping the FreeBSD box from any IP on any of the four
subnets. I figured out a routing problem.

As far as I can tell, when setting the route, you must:

  route add -net xxx.xxx.xxx.xxx -interface ed0

and the subnet mask as stated in the ifconfig line for ed0 in rc.conf must
be open enough to allow the broad spectrum of subnets through.

Next problem: I still can't get the FreeBSD to gate _any_ of the subnets
from ed0 to ed1. Before setting up the routing, it would work fine on a
single subnet.

Still leaning toward a bridge, any thoughts?

John Holstein
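
Added example, not part of the original message or of FreeBSD itself: a small Python consistency check for the `static_routes` / `route_*` entries in rc.conf(5) discussed in the thread, flagging duplicate destinations, routes without a gateway, and names that are listed but undefined or defined but unlisted. The function names, the sample file and the placeholder gateway 192.0.2.1 are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample modeled on the rc.conf fragment quoted in the thread;
# 192.0.2.1 is a documentation-range placeholder for the router address.
SAMPLE_RC_CONF = '''
static_routes="0 1 200 205"
route_0="net 192.168.0.0 192.0.2.1"
route_1="net 192.168.0.0 192.0.2.1"
route_200="net 192.168.200.0"
route_300="net 192.168.44.0 192.0.2.1"
'''

ASSIGN = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)=(.*)$')

def parse_rc_conf(text):
    """Return {name: value} for simple sh-style assignments."""
    values = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            parts = shlex.split(m.group(2), comments=True)
            values[m.group(1)] = parts[0] if parts else ""
    return values

def check_static_routes(text):
    """Return a sorted list of (route_name, problem) findings."""
    conf = parse_rc_conf(text)
    listed = conf.get("static_routes", "").split()
    findings, seen = [], {}
    for name in listed:
        spec = conf.get("route_" + name)
        if spec is None:
            findings.append((name, "listed but route_%s is not defined" % name))
            continue
        # Drop the net/host keyword (with or without a dash); what remains
        # should be a destination followed by a gateway or -interface.
        args = [a for a in spec.split() if a.lstrip("-") not in ("net", "host")]
        if len(args) < 2:
            findings.append((name, "no gateway given"))
        if args and seen.setdefault(args[0], name) != name:
            findings.append((name, "same destination as route_%s" % seen[args[0]]))
    for key in conf:
        if key.startswith("route_") and key[6:] not in listed:
            findings.append((key[6:], "defined but not in static_routes"))
    return sorted(findings)

if __name__ == "__main__":
    for name, problem in check_static_routes(SAMPLE_RC_CONF):
        print("route_%s: %s" % (name, problem))
```
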