Date:      Tue, 28 Mar 2000 17:16:31 +0700
From:      "Benedict H" <hbenedict_fbsd@yahoo.com>
To:        freebsd-security@freebsd.org
Subject:   Gateway problem
Message-ID:  <200003281716310750.0075B3CA@smtp.mail.yahoo.com>
References:  <200003281125420050.0039848C@smtp.mail.yahoo.com> <200003281709490530.006F9035@smtp.indosat.net.id> <200003281713040510.00728A06@smtp.indosat.net.id>

Hi,
 

I'm trying to get my FreeBSD 3.3 box up and running as a gateway between
2 local subnets. I have already recompiled the kernel with the IPFIREWALL,
IPFIREWALL_FORWARD, IPFILTER, DUMMYNET, and BRIDGE options.
Currently the firewall rule is allow all from any to any.

            subnet1 -- gw -- subnet2
 

Here's what I've got at the console when I type netstat -r:
 
localhost       localhost           UH    0   1   lo0
192.168.1/26    link#3              UC    0   0   ep0
gw              <gw ep0 ether addr> UHLW  0   2   lo0
192.168.1.5     <host1 ether addr>  UHLW  1  1550 ep0  694
192.168.2/26    link#1              UC    0   0   xl0
gw              <gw xl0 ether addr> UHLW  0   136 lo0
192.168.2.63    ff:ff:ff:ff:ff:ff   UHLWb 1   1   xl0
 
But I encountered a problem, when I ping from gw box to host1 box,
I always have the responses back to me in about 10 to 40 seconds.
Then in the host1 machine, I type "tcpdump -i ep0" at the console
and I think host1 runs correctly, because it always replies immediately
after it gets the echo request. 
 
When I unplugged my xl0 device out of the machine, everything goes well.
 
 
 

Anyone, please help me fix this problem.
 

Thank you
 

Benedict

