From: "gLaNDix"
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: Problems about routing
Date: Sat, 8 Sep 2001 22:59:02 -0500

crap... sorry about the multiple posts... my mail client is acting screwy today

-------------------------
Jesse (gLaNDix) Kaufman
glandix@lloydix.2y.net
http://lloydix.2y.net
-------------------------

<<< FreeBSD lloydix.2y.net FreeBSD 4.3-RELEASE #1: Tue Aug 14 02:48:31 CDT 2001 glandix@lloydix.2y.net:/usr/src/sys/compile/LLOYDIX i386 >>>

----- Original Message -----
From: "gLaNDix"
Sent: Saturday, September 08, 2001 10:57 PM
Subject: Re: Problems about routing

> Is there a good example of a "normal" (somewhat lenient) set of rules for
> IPFW? I've messed around with 'firewall_type="OPEN"', and
> 'firewall_type="SIMPLE"', but there are some other things I'd like to add
> to them... I guess I could just add them into the /etc/rc.firewall file,
> but is that a good way to alter your firewall rules or is there a better
> way?
>
> -------------------------
> Jesse (gLaNDix) Kaufman
> glandix@lloydix.2y.net
> http://lloydix.2y.net
> -------------------------
>
> <<< FreeBSD lloydix.2y.net FreeBSD 4.3-RELEASE #1: Tue Aug 14 02:48:31 CDT 2001 glandix@lloydix.2y.net:/usr/src/sys/compile/LLOYDIX i386 >>>
>
> ----- Original Message -----
> From: "Robert Moss"
> To: "Wing Tim"
> Sent: Saturday, September 08, 2001 10:44 PM
> Subject: Re: Problems about routing
>
> > Two problems here: you are firewalling, and routing incorrectly.
> >
> > 1) When you are testing, take off the firewall. Only when you know for
> > certain your setup is working correctly should you start playing with
> > firewall rules.
> >
> > 2) Your routing won't work, you're doing it the wrong way.
> > You can't (easily) have the same network across two interfaces.
> > I suggest you change machine1 to have a different ip RANGE, so instead of
> > 192.168.0.1 have it 192.168.1.1
> > Also you will need to change the interface on Machine2 so it is on the same
> > network.
> >
> > If you are unsure as to why you need to do this, I suggest you read up on
> > some TCP/IP books.
> >
> > rob.
> >
> > At 01:04 AM 9/09/2001 +0800, Wing Tim wrote:
> > >Hello,
> > >
> > >I have 3 machines. Machine 1 has 1 Ethernet card E1 with IP 192.168.0.1
> > >and is running Windows 2000 Server. Machine 2 has 2 Ethernet cards E2 with
> > >IP 192.168.0.2 and E3 with IP 192.168.0.3 and is running FreeBSD 4.2
> > >Release. Machine 3 has 1 Ethernet card E4 with IP 192.168.0.4. I really
> > >want to use the FreeBSD machine to control the data flow between Machine 1
> > >and Machine 3 and so I have set up a firewall gateway in it. I have added
> > >the following into the kernel configuration file GENERIC:
> > >
> > >options IPFIREWALL
> > >options IPFIREWALL_VERBOSE
> > >options IPFIREWALL_DEFAULT_TO_ACCEPT
> > >options IPFIREWALL_VERBOSE_LIMIT = 200
> > >options IPDIVERT
> > >
> > >options DUMMYNET
> > >options BRIDGE
> > >
> > >Then recompile everything and add the following into rc.conf:
> > >gateway_enable=YES
> > >firewall_enable="YES"
> > >firewall_type="open"
> > >firewall_quite="NO"
> > >
> > >sysctl -w net.link.ether.bridge=1
> > >
> > >After that, I found Machine 1 can ping E2 and E3 but not E4. Also Machine
> > >2 can ping E1 and E4. Upon running "ifconfig -a", I found E2 belongs to
> > >xl0 and E3 belongs to vx0. However, when running "netstat -r", I totally
> > >can't find the entry of vx0 just like those for xl0. Can anyone tell me
> > >what mistake I have made? What should I change so that Machine 1 can ping
> > >Machine 3?
> > >
> > >Thanks very much for all your help!
> > >
> > >Regards,
> > >Wing
> > >
> > >To Unsubscribe: send mail to majordomo@FreeBSD.org
> > >with "unsubscribe freebsd-questions" in the body of the message
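
Added example (not part of the original thread and not any poster's code): a simplified Python model of Rob's point, quoted above, that the same network cannot usefully sit on two interfaces of one router. It assumes /24 netmasks, that Machine 1 is on the vx0 segment, and 192.168.1.2 as the renumbered vx0 address; none of these are stated in the thread. The rule that a second connected route for an existing prefix is not installed is a modelling assumption chosen to match the missing vx0 entry in the "netstat -r" output described above.

```python
import ipaddress


def connected_routes(interfaces):
    """Build the directly-connected route table for (name, "addr/len") pairs.

    Modelling assumption: a prefix that overlaps one already in the table is
    not installed again, so the later interface ends up with no route.
    """
    table, conflicts = {}, []
    for name, cidr in interfaces:
        net = ipaddress.ip_interface(cidr).network
        clash = [n for n in table if n.overlaps(net)]
        if clash:
            conflicts.append((name, str(net), table[clash[0]]))
        else:
            table[net] = name
    return table, conflicts


def egress(table, dst):
    """Longest-prefix match: interface a packet to dst leaves on, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in table if addr in n]
    if not matches:
        return None
    return table[max(matches, key=lambda n: n.prefixlen)]


def report(interfaces, destinations):
    """Return (conflicting interfaces, {destination: egress interface})."""
    table, conflicts = connected_routes(interfaces)
    return conflicts, {d: egress(table, d) for d in destinations}


# Addresses from the thread; the /24 masks are assumed.
ORIGINAL = [("xl0", "192.168.0.2/24"), ("vx0", "192.168.0.3/24")]
# Rob's renumbering; which segment Machine 1 is on and the .1.2 address are assumed.
RENUMBERED = [("xl0", "192.168.0.2/24"), ("vx0", "192.168.1.2/24")]

if __name__ == "__main__":
    for label, ifs, dsts in (
        ("original", ORIGINAL, ["192.168.0.1", "192.168.0.4"]),
        ("renumbered", RENUMBERED, ["192.168.1.1", "192.168.0.4"]),
    ):
        conflicts, out = report(ifs, dsts)
        print(label, "conflicts:", conflicts, "egress:", out)
```

In the original layout both Machine 1 and Machine 3 resolve to xl0, so the router has no way to tell the two wires apart; after renumbering, each machine maps to its own interface and firewall rules can be written per interface.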