Date: Wed, 20 Jan 1999 15:58:19 -0800
To: freebsd-net@FreeBSD.ORG
From: GVB
Subject: Firewall headaches...

Here is my situation. Cisco router connected to internet, let's say 200.200.200.0 255.255.255.0. I have a FreeBSD 3.0 machine with two network cards; the first card is connected to the Cisco with, let's say, an IP address of 200.200.200.2, the Cisco being .1 and its gateway. The second network card has an IP address out of another subnet, 100.100.100.21 netmask 255.255.255.252 (for testing purposes). I set up a route in the Cisco to route 100.100.100.20 255.255.255.252 to 200.200.200.2. So the subnet I am trying to place behind the firewall is routed to the first network card in the FreeBSD machine.

I can ping to both of these network cards and get immediate normal responses from them. But the machine that is behind the firewall (connected to the second network card with an IP address of 100.100.100.22, netmask .252, gateway .21) gives me very erratic responses. I ping it, and it sits for 60 seconds, then I get about 40 replies all at one time. The machine cannot see out on the web or anything, but I can telnet to port 139 of the machine (it's Windows).

The firewall configuration is completely open, and from what I understand this is what I needed to compile with to get the firewall working:

    pseudo-device bpfilter 4    #Berkeley packet filter
    options IPFIREWALL_VERBOSE
    options IPDIVERT
    options IPFILTER

Here is my ipfw list:

    65300 allow ip from any to any
    65535 deny ip from any to any

Both NICs are configured in rc.conf, and the firewall is set to open in rc.conf. Do I need to set up some kind of static routes on the FreeBSD machine, or run routed or gated or some other routing software?

Any help is greatly appreciated.

GVB