Date: Sun, 09 Sep 2001 13:44:56 +1000
From: Robert Moss <rmoss@bigpond.net.au>
To: "Wing Tim" <twchim1@hotmail.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Problems about routing
Message-ID: <5.0.2.1.0.20010909133946.00ae3b90@localhost>
In-Reply-To: <F30qmvcMU1IcgWUP5t2000010e8@hotmail.com>

Two problems here: you are firewalling, and routing incorrectly.

1) When you are testing, take off the firewall. Only when you know for certain your setup is working correctly should you start playing with firewall rules.

2) Your routing won't work; you're doing it the wrong way. You can't (easily) have the same network across two interfaces. I suggest you change machine1 to have a different IP RANGE, so instead of 192.168.0.1 have it 192.168.1.1. Also you will need to change the interface on Machine2 so it is on the same network.

If you are unsure as to why you need to do this, I suggest you read up on some TCP/IP books.

rob.

At 01:04 AM 9/09/2001 +0800, Wing Tim wrote:
>Hello,
>
>I have 3 machines. Machine 1 has 1 Ethernet card E1 with IP 192.168.0.1
>and is running Windows 2000 Server. Machine 2 has 2 Ethernet cards E2 with
>IP 192.168.0.2 and E3 with IP 192.168.0.3 and is running FreeBSD 4.2
>Release. Machine 3 has 1 Ethernet card E4 with IP 192.168.0.4. I really
>want to use the FreeBSD machine to control the data flow between Machine 1
>and Machine 3 and so I have set up a firewall gateway in it. I have added
>the following into the kernel configuration file GENERIC:
>
>options IPFIREWALL
>options IPFIREWALL_VERBOSE
>options IPFIREWALL_DEFAULT_TO_ACCEPT
>options IPFIREWALL_VERBOSE_LIMIT = 200
>options IPDIVERT
>
>options DUMMYNET
>options BRIDGE
>
>Then recompile everything and add the following into rc.conf:
>gateway_enable=YES
>firewall_enable="YES"
>firewall_type="open"
>firewall_quite="NO"
>
>sysctl -w net.link.ether.bridge=1
>
>After that, I found Machine 1 can ping E2 and E3 but not E4. Also Machine
>2 can ping E1 and E4. Upon running "ifconfig -a", I found E2 belongs to
>xl0 and E3 belongs to vx0. However, when running "netstat -r", I totally
>can't find the entry of vx0 just like those for xl0. Can anyone tell me
>what mistake I have made? What should I change so that Machine 1 can ping
>Machine 3?
>
>Thanks very much for all your help!
>
>Regards,
>Wing
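
An added example, not part of either e-mail: a small Python check of the addressing in this thread, showing why the original layout cannot be routed and why the suggested renumbering can. The /24 netmask, the choice of xl0 as the card facing Machine 1, and its new address 192.168.1.2 are assumptions; the thread states none of them.

```python
import ipaddress
from collections import defaultdict

PREFIX = 24  # assumption: the thread never states a netmask

def iface(addr):
    return ipaddress.ip_interface(f"{addr}/{PREFIX}")

def routing_conflicts(router):
    """Networks configured on more than one interface of the same host."""
    by_net = defaultdict(list)
    for name, ifc in router.items():
        by_net[ifc.network].append(name)
    return {net: sorted(n) for net, n in by_net.items() if len(n) > 1}

def check_path(src, router, dst):
    """Problems that stop src reaching dst through the router."""
    problems = [f"router has {net} on {' and '.join(names)}"
                for net, names in routing_conflicts(router).items()]
    if dst.ip in src.network:
        # src ARPs for dst directly and never hands the packet to the router
        problems.append(f"{src.ip} treats {dst.ip} as on-link, bypassing the router")
    else:
        for end in (src, dst):
            if not any(end.ip in r.network for r in router.values()):
                problems.append(f"{end.ip} has no router interface on its network")
    return problems

# Layout from the original question (E2 = xl0, E3 = vx0 on Machine 2).
ORIG_ROUTER = {"xl0": iface("192.168.0.2"), "vx0": iface("192.168.0.3")}
ORIG_M1, M3 = iface("192.168.0.1"), iface("192.168.0.4")

# Layout after the suggested change. Assumption: xl0 is the card facing
# Machine 1 and is renumbered to 192.168.1.2 (constructed address).
FIXED_ROUTER = {"xl0": iface("192.168.1.2"), "vx0": iface("192.168.0.3")}
FIXED_M1 = iface("192.168.1.1")

if __name__ == "__main__":
    for label, m1, router in (("original", ORIG_M1, ORIG_ROUTER),
                              ("suggested", FIXED_M1, FIXED_ROUTER)):
        print(label, check_path(m1, router, M3) or "ok")
```

The check covers addressing only; Machine 1 and Machine 3 would each still need a route to the other network via Machine 2.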