Date: Sat, 7 Oct 2000 13:22:37 +0200 (CEST)
From: Toni Pisjak
To: freebsd-questions@freebsd.org
Subject: Two network adapters in a firewall

Hello!

I am trying to set up a firewall, but have a problem getting two network adapters working together in one machine. I began with a small test configuration of two client machines with the firewall between them, and now - because of the above mentioned problem - reduced this configuration to one client connected to the firewall.

The problem in detail:

Both net adapters work, if only one of them is mounted in the firewall. Whenever I build in *both* adapters, only the first adapter gives a connection between firewall and client.

What happens if I connect firewall and client with the *not* working network adapter and call the "ping" command:

- "ping" from firewall to client: "sendto: Host is down"
- "ping" from client to firewall: "no answer from "
- adapter LED is blinking
- "ifconfig" says: both adapters exist and are "UP"
- in BIOS there seem to be no conflicts (IRQ etc.)
- irregularly and not always reproducible, there are the following messages in /var/log/messages:
  kernel: arp: is on fxp0 but got reply from on fxp1
  where fxp0 is the working adapter interface (fxp1 is the not working one)

"ping" reacts differently if I deactivate the working adapter via "ifconfig":

- "ping" from firewall to client: "Network is down"
- "ping" from client to firewall: at the firewall console the following message appears: "arplookup failed: host is not on local network"

The configuration in detail:

- The firewall (ipfw) has the only rule: allow all from any to any
- ifconfig's output seems to be OK
- I tested both different and same IP addresses for the two net adapters
- I tested with different but reasonable values for gateway, netmask etc.

A colleague of mine had the idea that I have to explicitly tell the firewall which network interface to choose when sending out a package. At the moment I can't test this (because I'm not at work), but perhaps this could be the solution.

Any other ideas?

Thanks in advance,
Toni.

--
Toni Pisjak
Technische Universitaet Wien
pisjak@dbai.tuwien.ac.at
http://www.dbai.tuwien.ac.at