From: "Philip J. Koenig"
Organization: The Electric Kahuna Organization
To: questions@FreeBSD.ORG
Date: Thu, 15 Aug 2002 21:00:42 -0700
Subject: IPF/routing question
Reply-To: pjklist@ekahuna.com

Trying to build a firewall out of a FreeBSD box using IPfilter.

Current problem pertains to routing, not having played with routing on FreeBSD before, I think I'm doing something wrong syntax-wise. (spartan manpage for 'route' doesn't help)

Here's the setup (public IP addresses changed):

       ISP
        |
     1.1.1.1
        |   (routable addresses)
        |
     1.1.1.2
   |----------|
   |          |  Router
   |----------|
        |
     10.1.1.1
        |   (RFC 1918 private addresses)
        |
     10.1.1.2
   |----------|
   |          |  FreeBSD / IPfilter
   |----------|
        |
     2.2.2.1
        |   (routable addresses)
        |
       LAN (2.2.2.0/24)

The router has been configured with a default route pointing to its external interface, and connectivity works fine from the router to the internet. A static route has been configured to get to 2.2.2.0/24 via 10.1.1.2.

Started out on the BSD box configuring the default gateway in rc.conf as 10.1.1.1, but that didn't seem to help. rc.conf contains a "gateway enable" statement.

Tried the following variations, but the route either doesn't show up as expected in the routing table, or the machine locks-up trying to display the routing table. (netstat -r)

    route add default 10.1.1.1
    route add 0.0.0.0 10.1.1.1
    route add -interface default 10.1.1.1

(can't figure out from the manpage exactly what the -interface command actually does, or if it needs add'l arguments, but it appears to help prevent the machine from locking up while displaying the routing table)

I can ping 10.1.1.2 and 1.1.1.2 from the FreeBSD box, but not beyond, so I assume this is a default route problem.

Thanks for your suggestions,

Phil

--
Philip J. Koenig    pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New Millenium