From owner-freebsd-questions Sat Dec 18 8: 4: 5 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from bigphred.greycat.com (bigphred.greycat.com [207.173.133.2])
    by hub.freebsd.org (Postfix) with ESMTP id 135E61500C
    for ; Sat, 18 Dec 1999 08:04:02 -0800 (PST)
    (envelope-from dann@bigphred.greycat.com)
Received: (from dann@localhost)
    by bigphred.greycat.com (8.9.3/8.9.3) id IAA32483
    for questions@freebsd.org; Sat, 18 Dec 1999 08:04:38 -0800 (PST)
    (envelope-from dann)
Date: Sat, 18 Dec 1999 08:04:38 -0800
From: Dann Lunsford
To: questions@freebsd.org
Subject: Force routing between interfaces?
Message-ID: <19991218080438.A32353@greycat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0pre2i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have a machine acting as a router, with four interfaces, call 'em
A, B, C, and D. Interface A goes out to my ISP, B is to a local LAN,
C goes to a router provided by the people I work for, and D is to a
local lan containing machines I use solely for work. The reason I've
got them in one box is basically that I'm cheap :-). Don't want to
use more than one if I can get away with it. I've got A firewalled,
but some other strange things are happening (not bad things, just
inconvenient) that make me want to separate (logically) my two
"virtual lans".

What I want is this: Packets from A go only to B and from B only to A,
and from C only to D and from D only to C. In other words, I want a
wall between the AB pair and the CD pair.

I have been messing with routing tables, ipfw rules, sysctls, etc.,
with a startlingly uniform lack of success. Either I break everything,
so that nothing gets out, or I get packets going from D to C, but also
from D to A, which I don't want. I don't seem to be able to get the
right combo, if there is one.

Anybody got a clue to how to get this running?

Kernel is now 3.4-RC, but was 3.3-STABLE.
Basically a stock machine. Interfaces are all 3c509's except for A,
which is a serial card.

Any advice greatly appreciated.

--
Dann Lunsford        The only thing necessary for the triumph of evil
dann@greycat.com     is that men of good will do nothing. -- Cicero