From owner-freebsd-hackers Sat Oct 14 23:45:32 2000
Delivered-To: freebsd-hackers@freebsd.org
Received: from hecky.it.northwestern.edu (hecky.acns.nwu.edu [129.105.16.51])
    by hub.freebsd.org (Postfix) with ESMTP id 0D21337B673
    for ; Sat, 14 Oct 2000 23:45:29 -0700 (PDT)
Received: (from mailnull@localhost)
    by hecky.it.northwestern.edu (8.8.7/8.8.7) id BAA05290;
    Sun, 15 Oct 2000 01:45:27 -0500 (CDT)
Received: from confusion.net (dhcp089155.res-hall.nwu.edu [199.74.89.155])
    by hecky.acns.nwu.edu via smap (V2.0) id xma005264;
    Sun, 15 Oct 00 01:45:00 -0500
Message-ID: <39E95244.D5C0EDFF@confusion.net>
Date: Sun, 15 Oct 2000 01:44:21 -0500
From: Laurence Berland
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Gregory Sutter
Cc: hackers@FreeBSD.ORG
Subject: Re: Routing issues
References: <20001014233212.H3444@klapaucius.zer0.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Gregory Sutter wrote:
>
> I'm setting up a network that looks like this:
>
>   --Internet----Router---Firewall
>                             |
>                             |               /--- host
>                           Switch----NAT-----<----- host
>                             |               \----- host
>                             |                \----- etc...
>                         ---------
>                         |       |
>                       email     ns
>
> In other words, a fairly typical small network.  I've got an 8-IP
> subnet; all hosts outside the NAT have real IPs:
>
> router:   1.2.3.193
> firewall: 1.2.3.196 fxp0
>           1.2.3.197 fxp1
> nat:      1.2.3.198
> email:    1.2.3.194
> ns:       1.2.3.195
>
> The problem I'm having is with my routing.  Surprise.  Here is
> the routing table for the firewall:
>
> default        1.2.3.193    fxp0
> 1.2.3.193      link#1       fxp0
> 1.2.3.192/29   link#2       fxp1
> 1.2.3.196      lo0
> 1.2.3.197      lo0
>

Now my network engineering is far from perfect (anyone have a network
engineering internship for summer 2001?  I do sysadmin and a little
coding also...:) but it looks like the problem is that if the firewall
is acting as a router (as opposed to a bridge, you don't say) then it
will be seeing both its interfaces plus the router as being in the
1.2.3.192/29 subnet and is thus sending everything to fxp1.  Or maybe
I'm just nuts...

> The gateway_enable (net.inet.ip.forwarding) is also enabled on
> the firewall.
>
> From the firewall, I can reach any host with no problems.  However,
> from hosts inside the firewall, I cannot reach outside, and vice
> versa.  I feel I must be missing something obvious, but have played
> with routes for hours to no avail.

Can you reach the router from the firewall?  I say this because the
default of fxp0 will let you get things off your net, but the router
may be another story...

>
> Does anyone see a problem with the routing of this network?
>
> Greg
> --
> Gregory S. Sutter                 Computing is a terminal addiction.
> mailto:gsutter@zer0.org
> http://www.zer0.org/~gsutter/
> PGP DSS public key 0x40AE3052
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message

--
Laurence Berland
Intern, Flooz.com
Northwestern '04
stuyman@confusion.net
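The firewall routing table quoted in this message, evaluated with longest-prefix matching, as an added example that is not part of the original thread. It shows which interface the firewall itself picks for each address in the post, and which of those addresses fall inside the /29 bound to fxp1. Reading the two lo0 rows as the firewall's own addresses is an assumption, and 198.51.100.7 is a constructed off-net destination.

```python
import ipaddress

# Firewall routing table as quoted in the message: (destination, gateway, netif).
# Treating the two lo0 rows as the firewall's own addresses is an assumption.
ROUTES = [
    ("0.0.0.0/0", "1.2.3.193", "fxp0"),      # the "default" row
    ("1.2.3.193/32", "link#1", "fxp0"),
    ("1.2.3.192/29", "link#2", "fxp1"),
    ("1.2.3.196/32", "local", "lo0"),
    ("1.2.3.197/32", "local", "lo0"),
]
TABLE = [(ipaddress.ip_network(d), gw, ifc) for d, gw, ifc in ROUTES]

# Addresses from the message; OFFNET is a constructed documentation address.
HOSTS = {"router": "1.2.3.193", "email": "1.2.3.194", "ns": "1.2.3.195",
         "fxp0": "1.2.3.196", "fxp1": "1.2.3.197", "nat": "1.2.3.198"}
OFFNET = "198.51.100.7"


def lookup(dst):
    """Longest-prefix match: return (prefix, gateway, netif) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in TABLE if addr in r[0]]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw, ifc = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), gw, ifc


def inside_fxp1_subnet():
    """Names from HOSTS whose address lies inside the prefix bound to fxp1."""
    fxp1_net = next(net for net, _, ifc in TABLE if ifc == "fxp1")
    return sorted(n for n, a in HOSTS.items()
                  if ipaddress.ip_address(a) in fxp1_net)


if __name__ == "__main__":
    for name, addr in list(HOSTS.items()) + [("off-net", OFFNET)]:
        net, gw, ifc = lookup(addr)
        print(f"{name:8} {addr:14} -> {net:15} via {gw:10} on {ifc}")
    print("inside fxp1's /29:", ", ".join(inside_fxp1_subnet()))
```

The router and the fxp0 address both sit inside the /29 attached to fxp1; in this table only the more specific 1.2.3.193 host route keeps router-bound traffic on fxp0.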