Date: Thu, 11 Oct 2001 14:25:10 -0400
To: freebsd-questions@freebsd.org
From: "John Holstein, IS"
Subject: Re: gateway and multiple subnets up and running
Message-Id: <5.1.0.14.2.20011011142254.041fb008@mail.cnpapers.com>
In-Reply-To: <5.1.0.14.2.20011011121616.041a9ad8@mail.cnpapers.com>

At 12:20 PM 10/11/2001 -0400, you wrote:
>At 08:59 AM 10/11/2001 -0400, you wrote:
>>At 08:32 PM 10/10/2001 -0700, you wrote:
>>>On Wed, Oct 10, 2001 at 02:47:16PM -0400, John Holstein, IS wrote:
>>> > At 11:28 PM 10/9/2001 -0700, you wrote:
>>>
>>>[snip]
>>>
>>> > >So, are you saying the real picture is,
>>> > >
>>> > >   192.168.0.x -----}
>>> > >   192.168.1.x -----}
>>> > >                    }--Cisco Router--|ed0 FreeBSD GW ed1|---- internet
>>> > >   192.9.200.x -----}
>>> > >   192.9.205.x -----}
>>> >
>>> > This is exactly what I need to do.
>>> >
>>> > >If that's the case, you just need to add the routes on the FreeBSD
>>> > >gateway,
>>> > >
>>> > >   # route add net 192.168.0.0
>>> > >   # route add net 192.168.1.0
>>> > >   # route add net 192.168.200.0
>>> > >   # route add net 192.168.205.0
>>> > >
>>> > >Where is the IP address of the router's interface on
>>> > >the network with the FreeBSD box's ed0.
>>> > >
>>> > >To load these at boot, put something like,
>>> > >
>>> > >   static_routes="0 1 200 205"
>>> > >   route_0="net 192.168.0.0 "
>>> > >   route_1="net 192.168.0.0 "
>>> > >   route_200="net 192.168.200.0 "
>>> > >   route_205="net 192.168.205.0 "
>>> > >
>>> > >In rc.conf(5).
>>> >
>>> > I think I am missing something. I have done the above, completely,
>>> > including adding the routes to rc.conf but if I sit a box on _any_ subnet
>>> > other than 192.9.200 (the same subnet as ed0), I cannot get out.
>>>
>>>OK, then the picture is not right. It should be (?),
>>>
>>>   192.168.0.x --}
>>>   192.168.1.x --}-Cisco Router-{ 192.9.200.x }-|ed0 FreeBSD GW ed1|- internet
>>>   192.9.205.x --}
>>>
>>>In this case, you need to take the references to 192.9.205.0 out of
>>>the routing stuff. (Sorry about the "192.168" typos where I should have
>>>put "192.9" in there. 192.9.205.0 is owned by Sun Microsystems,
>>>BTW. That you?)
>>>
>>>I'm sensing that you may not have your various networks properly
>>>subnetted here. Could _you_ draw us a picture with all of the
>>>networks (including masks) and gateways?
>>>--
>>>Crist J. Clark                           cjclark@alum.mit.edu
>>>                                         cjclark@jhu.edu
>>>                                         cjc@freebsd.org
>>
>>
>>
>>At
>>http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/bridging.html
>>down near section:
>>17.3.3.3 Firewall Support
>>
>>It is mentioned that a firewall option should be enabled to handle non-ip
>>bridging. Where does the option IPFIREWALL_DEFAULT_TO_ACCEPT go? ipf.rules?
>>
>>
>>
>>John Holstein
>>
>
>
>
>I am now able to ping the FreeBSD box from any IP on any of the four
>subnets.
>I figured out a routing problem. As far as I can tell, when
>setting the route, you must:
>
>route add -net xxx.xxx.xxx.xxx -interface ed0
>
>and the subnet mask as stated in the ifconfig line for ed0 in rc.conf must
>be open enough to allow the broad spectrum of subnets through.
>
>next problem:
>
>I still can't get the FreeBSD to gate _any_ of the subnets from ed0 to ed1.
>
>before setting up the routing, it would work fine on a single subnet.
>
>still leaning toward a bridge, any thoughts?
>
>
>John Holstein
>

Call me stupid. Neither myself nor any of the folks that were helping me
came up with this one:

How about opening up ipnat.rules to allow the other subnets through?

No special routing required.

Fine bunch of FreeBSD admins we are ;p

Just figured it out a few moments ago.

John Holstein
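
The fix named in the last message, sketched as an ipnat.rules fragment. This is an added example, not part of the original post and not the poster's actual file. It assumes ed1 is the external interface (as in the diagrams above), that each network is a /24 (the thread never gives the masks), that the earlier rules covered only the ed0 subnet, and an arbitrary port range.

```conf
# /etc/ipnat.rules  (added example; masks and port range are assumptions)

# Before (assumed): only the network directly attached to ed0 is translated.
# Packets from the three networks behind the Cisco router reach the gateway
# but match no map rule, so they are not translated on ed1.
#
#   map ed1 192.9.200.0/24 -> 0/32 portmap tcp/udp 20000:60000
#   map ed1 192.9.200.0/24 -> 0/32

# After: one explicit pair of rules per internal network.
# "0/32" means "use whatever address ed1 currently has".
# The portmap rule handles TCP/UDP; the plain rule catches ICMP and the rest.
map ed1 192.9.200.0/24 -> 0/32 portmap tcp/udp 20000:60000
map ed1 192.9.200.0/24 -> 0/32

map ed1 192.9.205.0/24 -> 0/32 portmap tcp/udp 20000:60000
map ed1 192.9.205.0/24 -> 0/32

map ed1 192.168.0.0/24 -> 0/32 portmap tcp/udp 20000:60000
map ed1 192.168.0.0/24 -> 0/32

map ed1 192.168.1.0/24 -> 0/32 portmap tcp/udp 20000:60000
map ed1 192.168.1.0/24 -> 0/32

# Listing each network, rather than a catch-all source such as 0/0, keeps the
# gateway from translating traffic from sources that were never meant to use it.
#
# Reload and inspect:
#   ipnat -CF -f /etc/ipnat.rules    # clear old rules and table, load this file
#   ipnat -l                         # list loaded rules and active mappings
```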