Date: Sat, 7 Oct 2000 13:22:37 +0200 (CEST) From: Toni Pisjak <pisjak@dbai.tuwien.ac.at> To: freebsd-questions@freebsd.org Subject: Two network adapters in a firewall Message-ID: <Pine.BSF.4.21.0010071319230.9603-100000@deneb.dbai.tuwien.ac.at>
next in thread | raw e-mail | index | archive | help
Hello !
I try to setup a firewall, but have a problem to get working two network
adapters together in one machine. I began with a small test configuration
of two client machines with the firewal between them, and now - because of
the above mentioned problem - reduced this configuration to one client
connected to the firewall.
The problem in detail: Both net adapters work, if only one of them is
mounted in the firewall. Whenever i build in *both* adapters, only the
first adapter gives connection between firewall and client.
What happens if i connect firewall and client with the *not* working
network adapter and call the "ping" command:
- "ping" from firewall to client: "sendto: Host is down"
- "ping" from client to firewall: "no answer from <firewall-ip>"
- adapter LED is blinking
- "ifconfig" says: both adapters are exist and are "UP"
- in BIOS there seem to be no conflicts (IRQ etc.)
- unregularely and not alway reproducable, there are the following
messages in /var/log/messages:
kernel: arp:
<client-ip-addr> is on fxp0
but got reply from <client-MAC-Addr> on fxp1
where fxp0 is the working adapter interface (fxp1 is the not working
one)
"ping" reacts different, if i deactivate the working adapter per
"ifconfig":
- "ping" from firewall to client: "Network is down"
- "ping" from client to firewall: at the firewall console the
following message appears: "arplookup <client ip>
failed: host is not on local network"
The configuration in detail:
- The firewall (ipfw) has the only rule: allow all from any to any
- ifconfig's output seems to be OK
- i tested both different and same ip-addresses for the two net
adapters
- i tested with different but reasonable values for gateway, netmask
etc.
A colleague of mine had the idea, that i have to explicitely tell the
firewall, which network interface to choose, when sending out a package.
At the moment i can't test this (becauese i'm not at work), but perhaps
this could be the solution.
Any other ideas ?
Thanks in advance: Toni.
--
Toni Pisjak Technische Universitaet Wien
pisjak@dbai.tuwien.ac.at http://www.dbai.tuwien.ac.at
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0010071319230.9603-100000>