Date: Sun, 15 Oct 2000 01:44:21 -0500
From: Laurence Berland <stuyman@confusion.net>
To: Gregory Sutter <gsutter@zer0.org>
Cc: hackers@FreeBSD.ORG
Subject: Re: Routing issues
Message-ID: <39E95244.D5C0EDFF@confusion.net>
References: <20001014233212.H3444@klapaucius.zer0.org>
Gregory Sutter wrote:
>
> I'm setting up a network that looks like this:
>
> --Internet----Router---Firewall
>                          |
>                          |               /--- host
>                       Switch----NAT-----<----- host
>                          |               \----- host
>                          |                \----- etc...
>                      ---------
>                      |       |
>                    email     ns
>
> In other words, a fairly typical small network.  I've got an 8-IP
> subnet; all hosts outside the NAT have real IPs:
>
> router:    1.2.3.193
> firewall:  1.2.3.196 fxp0
>            1.2.3.197 fxp1
> nat:       1.2.3.198
> email:     1.2.3.194
> ns:        1.2.3.195
>
> The problem I'm having is with my routing.  Surprise.  Here is
> the routing table for the firewall:
>
> default        1.2.3.193  fxp0
> 1.2.3.193      link#1     fxp0
> 1.2.3.192/29   link#2     fxp1
> 1.2.3.196      lo0
> 1.2.3.197      lo0
>

Now my network engineering is far from perfect (anyone have a network
engineering internship for summer 2001?  I do sysadmin and a little
coding also...:) but it looks like the problem is that if the firewall
is acting as a router (as opposed to a bridge, you don't say) then it
will be seeing both its interfaces plus the router as being in the
1.2.3.192/29 subnet and is thus sending everything to fxp1.  Or maybe
I'm just nuts...

> The gateway_enable (net.inet.ip.forwarding) is also enabled on
> the firewall.
>
> From the firewall, I can reach any host with no problems.  However,
> from hosts inside the firewall, I cannot reach outside, and vice
> versa.  I feel I must be missing something obvious, but have played
> with routes for hours to no avail.

Can you reach the router from the firewall?  I say this because the
default of fxp0 will let you get things off your net, but the router
may be another story...

>
> Does anyone see a problem with the routing of this network?
>
> Greg
> --
> Gregory S. Sutter                  Computing is a terminal addiction.
> mailto:gsutter@zer0.org
> http://www.zer0.org/~gsutter/
> PGP DSS public key 0x40AE3052
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

--
Laurence Berland
Intern, Flooz.com
Northwestern '04
stuyman@confusion.net

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
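
Added example (not part of the original message, and not FreeBSD code): a longest-prefix-match lookup over the firewall's routing table as quoted above, showing which interface each address from the message is sent out of and which of them fall inside 1.2.3.192/29. It assumes host routes are /32 entries; the function names and the outside address 192.0.2.10 are constructed for illustration.

```python
import ipaddress

# Firewall routing table as quoted in the message (destination, gateway, netif).
# Assumption: host routes are written here as /32 prefixes.
ROUTES = [
    ("0.0.0.0/0",    "1.2.3.193", "fxp0"),  # default
    ("1.2.3.193/32", "link#1",    "fxp0"),
    ("1.2.3.192/29", "link#2",    "fxp1"),
    ("1.2.3.196/32", None,        "lo0"),
    ("1.2.3.197/32", None,        "lo0"),
]

# Addresses listed in the message.
ADDRS = {
    "router": "1.2.3.193", "email": "1.2.3.194", "ns": "1.2.3.195",
    "firewall fxp0": "1.2.3.196", "firewall fxp1": "1.2.3.197",
    "nat": "1.2.3.198",
}

def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, netif) of the most specific route matching dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway, netif in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, netif)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def inside(prefix="1.2.3.192/29"):
    """Names of the listed addresses that fall inside the given prefix."""
    net = ipaddress.ip_network(prefix)
    return [name for name, ip in ADDRS.items() if ipaddress.ip_address(ip) in net]

if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for a host on the Internet.
    for name, ip in {**ADDRS, "outside": "192.0.2.10"}.items():
        prefix, gateway, netif = lookup(ip)
        print(f"{name:14} {ip:11} -> {netif:5} via {prefix} (gateway {gateway})")
    print("inside 1.2.3.192/29:", ", ".join(inside()))
```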