Date: Thu, 11 Oct 2001 14:25:10 -0400
From: "John Holstein, IS" <jholstein@cnpapers.com>
To: freebsd-questions@freebsd.org
Subject: Re: gateway and multiple subnets up and running
Message-ID: <5.1.0.14.2.20011011142254.041fb008@mail.cnpapers.com>
In-Reply-To: <5.1.0.14.2.20011011121616.041a9ad8@mail.cnpapers.com>
References: <5.1.0.14.2.20011011085700.0424d628@mail.cnpapers.com> <20011010203259.S387@blossom.cjclark.org> <5.1.0.14.2.20011010141951.0419e750@mail.cnpapers.com> <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com> <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com> <20011009232857.D387@blossom.cjclark.org> <5.1.0.14.2.20011010141951.0419e750@mail.cnpapers.com>

At 12:20 PM 10/11/2001 -0400, you wrote:
>At 08:59 AM 10/11/2001 -0400, you wrote:
>>At 08:32 PM 10/10/2001 -0700, you wrote:
>>>On Wed, Oct 10, 2001 at 02:47:16PM -0400, John Holstein, IS wrote:
>>> > At 11:28 PM 10/9/2001 -0700, you wrote:
>>>
>>>[snip]
>>>
>>> > >So, are you saying the real picture is,
>>> > >
>>> > > 192.168.0.x -----}
>>> > > 192.168.1.x -----}
>>> > > }--Cisco Router--|ed0 FreeBSD GW ed1|---- internet
>>> > > 192.9.200.x -----}
>>> > > 192.9.205.x -----}
>>> >
>>> > This is exactly what I need to do.
>>> >
>>> > >If that's the case, you just need to add the routes on the FreeBSD
>>> > >gateway,
>>> > >
>>> > > # route add net 192.168.0.0 <Cisco Router IP>
>>> > > # route add net 192.168.1.0 <Cisco Router IP>
>>> > > # route add net 192.168.200.0 <Cisco Router IP>
>>> > > # route add net 192.168.205.0 <Cisco Router IP>
>>> > >
>>> > >Where <Cisco Router IP> is the IP address of the router's interface on
>>> > >the network with the FreeBSD box's ed0.
>>> > >
>>> > >To load these at boot, put something like,
>>> > >
>>> > > static_routes="0 1 200 205"
>>> > > route_0="net 192.168.0.0 <Cisco Router IP>"
>>> > > route_1="net 192.168.0.0 <Cisco Router IP>"
>>> > > route_200="net 192.168.200.0 <Cisco Router IP>"
>>> > > route_205="net 192.168.205.0 <Cisco Router IP>"
>>> > >
>>> > >In rc.conf(5).
>>> >
>>> > I think I am missing something. I have done the above, completely,
>>> > including adding the routes to rc.conf but if I sit a box on _any_ subnet
>>> > other than 192.9.200 (the same subnet as ed0), I cannot get out.
>>>
>>>OK, then the picture is not right. It should be (?),
>>>
>>> 192.168.0.x --}
>>> 192.168.1.x --}-Cisco Router-{ 192.9.200.x }-|ed0 FreeBSD GW ed1|-
>>> internet
>>> 192.9.205.x --}
>>>
>>>In this case, you need to take the references to 192.9.205.0 out of
>>>the routing stuff. (Sorry about the "192.168" typos where I should have
>>>put "192.9" in there. 192.9.205.0 is owned by Sun Microsystems,
>>>BTW. That you?)
>>>
>>>I'm sensing that you may not have your various networks properly
>>>subnetted here. Could _you_ draw us a picture with all of the
>>>networks (including masks) and gateways?
>>>--
>>>Crist J. Clark cjclark@alum.mit.edu
>>> cjclark@jhu.edu
>>> cjc@freebsd.org
>>
>>
>>
>>At
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bridging.html
>>down near section:
>>17.3.3.3 Firewall Support
>>
>>It is mentioned that a firewall option should be enabled to handle non-ip
>>bridging. Where does the option IPFIREWALL_DEFAULT_TO_ACCEPT go? ipf.rules?
>>
>>
>>
>>John Holstein
>>
>
>
>
>I am now able to ping the FreeBSD box from any IP on any of the four
>subnets. I figured out a routing problem. As far as I can tell, when
>setting the route, you must:
>
>route add -net xxx.xxx.xxx.xxx -interface ed0
>
>and the subnet mask as stated in the ifconfig line for ed0 in rc.conf must
>be open enough to allow the broad spectrum of subnets through.
>
>next problem:
>
>I still can't get the FreeBSD to gate _any_ of the subnets from ed0 to ed1.
>
>before setting up the routing, it would work fine on a single subnet.
>
>still leaning toward a bridge, any thoughts?
>
>
>John Holstein
>
Call me stupid.
Neither myself nor any of the folks that were helping me came up with this one:
How about opening up ipnat.rules to allow the other subnets through? No
special routing required. Fine bunch of FreeBSD admins we are ;p
Just figured it out a few moments ago.
John Holstein
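
The fix described in this message comes down to every internal source network needing a matching map rule in ipnat.rules. As an added example that is not part of the thread, this Python check lists which of the four subnets have no such rule on ed1; the /24 masks, the sample rules and the function names are assumptions, and only the simple "map <if> <src> -> <dst>" form is parsed.

```python
import ipaddress

# Constructed sample ipnat.rules: only ed0's own subnet is translated.
# ed0/ed1 and the four networks come from the thread; the /24 masks and
# the "0/32" target (use ed1's own address) are assumptions.
SAMPLE_RULES = """\
# NAT for hosts behind ed0, leaving via ed1
map ed1 192.9.200.0/24 -> 0/32 portmap tcp/udp 40000:60000
map ed1 192.9.200.0/24 -> 0/32
"""

INTERNAL_NETS = ["192.168.0.0/24", "192.168.1.0/24",
                 "192.9.200.0/24", "192.9.205.0/24"]


def parse_map_sources(rules_text, ext_if):
    """Source networks of simple 'map <ext_if> <src> -> ...' rules."""
    sources = []
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        # The 'map <if> from ... to ...' form is deliberately not handled.
        if (len(fields) >= 4 and fields[0] == "map"
                and fields[1] == ext_if and fields[3] == "->"):
            sources.append(ipaddress.ip_network(fields[2], strict=False))
    return sources


def unmapped(internal_nets, rules_text, ext_if="ed1"):
    """Internal networks that no map rule on ext_if fully covers."""
    sources = parse_map_sources(rules_text, ext_if)
    return [str(net) for net in map(ipaddress.ip_network, internal_nets)
            if not any(net.subnet_of(src) for src in sources)]


def suggest_rules(missing, ext_if="ed1"):
    """One narrowly scoped map rule per uncovered network."""
    return [f"map {ext_if} {net} -> 0/32" for net in missing]


if __name__ == "__main__":
    missing = unmapped(INTERNAL_NETS, SAMPLE_RULES)
    print("not translated:", ", ".join(missing) or "none")
    for rule in suggest_rules(missing):
        print(rule)
```

Adding one rule per subnet, rather than a single wide prefix, keeps the gateway from translating source addresses it was never meant to forward.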
