From: "Steven N. Fettig"
Date: Mon, 10 May 2004 09:55:46 -0500
To: Travis Troyer, FreeBSD - questions
Subject: Re: 3 Nics - Dual (Tripe) Homed Host

Travis Troyer wrote:
> I have a FreeBSD system that acts as a NAT Gateway, currently
> providing one LAN with access to the Internet. I have added a third
> NIC, connected to a second LAN. The second LAN does not need internet
> access, but I would like it to be able to communicate with the first
> LAN. I have tried reading various sources, but have not found
> anything dealing with this situation. I would appreciate any help.
> Below is a diagram of my current setup and the output of ifconfig.
>
>                 Internet
>                    |
>           [ xl0: DHCP assigned ]
>                  Router
>            |                  |
> [ xl1: 10.0.0.1]    [ xl3: 192.168.1.10]
>   10.0.0.0/24 LAN     192.168.1.0/24 LAN
>
> Output of ifconfig:
> xl0: flags=8843 mtu 1500
>         options=8
>         inet 24.33.126.252 netmask 0xffffff00 broadcast 255.255.255.255
>         ether 00:60:97:74:35:b0
>         media: Ethernet autoselect (10baseT/UTP)
>         status: active
> xl1: flags=8843 mtu 1500
>         options=b
>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>         ether 00:01:02:37:93:eb
>         media: Ethernet autoselect (100baseTX )
>         status: active
> xl2: flags=8843 mtu 1500
>         options=b
>         inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>         ether 00:01:02:cc:63:d2
>         media: Ethernet autoselect (100baseTX )
>         status: active
> lo0: flags=8049 mtu 16384
>         inet 127.0.0.1 netmask 0xff000000

Travis,

Although I have been dealing with routing for years, I can't claim I really understand it well, so my advice may not be so intelligent, but here's a stab at it anyway:

I think what you want to do is to bridge both LANs. You need to tell your gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24, you need to tell the routing tables that the route to 10.0.0.0/24 is via xl1 and vice versa.

route add 10.0.0.0/24 -interface xl1

and vice versa:

route add 192.168.1.0/24 -interface xl2

In the handbook, it says (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):

<--begin quote-->
19.5.4 Enabling the Bridge

Add the line:

net.link.ether.bridge=1

to /etc/sysctl.conf to enable the bridge at runtime, and the line:

net.link.ether.bridge_cfg=if1,if2

to enable bridging on the specified interfaces (replace if1 and if2 with the names of your two network interfaces). If you want the bridged packets to be filtered by ipfw(8), you should add:

net.link.ether.bridge_ipfw=1

as well.
For FreeBSD 5.2-RELEASE and later, use instead the following lines:

net.link.ether.bridge.enable=1
net.link.ether.bridge.config=if1,if2
net.link.ether.bridge.ipfw=1
<--end quote-->

I am not sure if this will work, though, because I'm not sure what effect (if any) it would have on the NAT from the 192.168.1.0/24 network. You might want to first try this approach while NAT and the firewall are turned off.

I have a similar situation that I want to test, so I'd be curious if you succeed and how.

Steve Fettig
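Before adding routes or bridge sysctls by hand, it is worth confirming what the gateway already has. The script below is an added example, not code from either poster or from the FreeBSD handbook: it reads a routing table in the `netstat -rn -f inet` layout and a `net.inet.ip.forwarding` value and reports whether each LAN from Travis's ifconfig output is reachable out the expected interface and whether the box will forward between them at all. Both inputs are constructed samples embedded in the script (the `link#N` gateways, the default route and the column layout are assumptions for the sake of the example); on a real host you would feed it the live output of those two commands.

```shell
#!/bin/sh
# Added example, not from the thread: check that a three-NIC FreeBSD gateway
# has a route for each LAN out the right interface and has IP forwarding on.
# Inputs are constructed here; on a real host use `netstat -rn -f inet` and
# `sysctl -n net.inet.ip.forwarding`.

# Constructed sample of `netstat -rn -f inet` on the gateway from the thread.
SAMPLE_ROUTES='Destination        Gateway            Flags    Refs      Use  Netif Expire
default            24.33.126.1        UGS         0     1234    xl0
10.0.0.0/24        link#2             UC          0        0    xl1
24.33.126.0/24     link#1             UC          0        0    xl0
127.0.0.1          127.0.0.1          UH          0        0    lo0
192.168.1.0/24     link#3             UC          0        0    xl2'

# Constructed sample of `sysctl -n net.inet.ip.forwarding` (1 = forwarding on).
SAMPLE_FORWARDING=1

# route_via NET IFACE: read a routing table on stdin and succeed only if NET
# is routed out IFACE (columns 1 and 6 of the netstat layout above).
route_via() {
    awk -v net="$1" -v ifc="$2" '
        $1 == net && $6 == ifc { found = 1 }
        END { exit !found }'
}

# forwarding_on VALUE: succeed if the sysctl value says forwarding is enabled.
forwarding_on() {
    [ "$1" = "1" ]
}

# check_lan_routing ROUTES FORWARDING: run every check, print one line per
# check, and return 0 only if all of them pass. The LAN/interface pairs are
# the ones from Travis's ifconfig output.
check_lan_routing() {
    routes=$1
    fwd=$2
    status=0
    for pair in "10.0.0.0/24 xl1" "192.168.1.0/24 xl2"; do
        set -- $pair
        if printf '%s\n' "$routes" | route_via "$1" "$2"; then
            echo "ok: $1 is reachable via $2"
        else
            echo "missing: no route for $1 via $2"
            status=1
        fi
    done
    if forwarding_on "$fwd"; then
        echo "ok: net.inet.ip.forwarding=1"
    else
        echo "missing: net.inet.ip.forwarding is $fwd; the box will not forward between LANs"
        status=1
    fi
    return $status
}

check_lan_routing "$SAMPLE_ROUTES" "$SAMPLE_FORWARDING"
```

If both routes are already present and forwarding is on (which it must be for the existing NAT to work), the remaining pieces are outside the routing table: hosts on each LAN need the gateway's address on their own subnet (10.0.0.1 or 192.168.1.10) as their default gateway or a static route for the other subnet, the firewall rule set has to permit traffic between xl1 and xl2, and a natd divert rule should match only traffic `via xl0` so LAN-to-LAN packets are never translated. Running the check with forwarding set to 0 prints the "missing" line and returns non-zero, which is the failure mode to rule out first.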