Date: Mon, 19 Nov 2001 17:05:04 -0500
From: Zak Johnson <zakj@fenris.cc>
To: freebsd-questions@freebsd.org
Subject: Complex routing for a firewall
Message-ID: <20011119220504.GA3048@loki.intra>

I am having some trouble setting up routing for my (admittedly strange)
network. I control x.x.165.232/29. My gateway (controlled by my ISP) is
x.x.164.1. My intended setup:

    ISP Gateway (x.x.164.1)
         |
    firewall rl0 (inet x.x.165.233 netmask 255.255.254.0)
    firewall rl1 (inet x.x.165.234 netmask 255.255.255.248)
         |
    servers (inet x.x.165.235-237 netmask 255.255.255.248)

The firewall's rl0 has the odd netmask because otherwise FreeBSD complains
on `route add default x.x.164.1`. Adding the following route on the
firewall allows the firewall to communicate with the servers and the
gateway, and vice-versa:

    route add x.x.165.233/29 -iface rl1 -cloning

But the servers cannot get to the gateway (or even rl0 on the firewall).
Using ipfilter, /etc/ipf.rules says:

    pass in quick all
    pass out quick all

and net.inet.ip.forwarding=1.

What am I missing? Do I need to try to convince my ISP to give me one IP on
the x.x.164.1/24 network for rl0? Please let me know if I'm leaving out any
required information.

-- 
Zak Johnson <zakj-freebsd@fenris.cc>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
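
Added example, not part of the original message: a longest-prefix-match model of the firewall's routing table as the post describes it, showing which interface each destination resolves to and that the /29 routed to rl1 lies inside the /23 configured on rl0. The `10.0` octets are constructed stand-ins for the elided `x.x`, and the function names are hypothetical.

```python
import ipaddress

PREFIX = "10.0"  # constructed stand-in for the elided "x.x" octets


def build_routes(prefix=PREFIX):
    """Firewall routes as described in the post: (network, interface, gateway)."""
    net = ipaddress.ip_network
    return [
        # rl0: inet x.x.165.233 netmask 255.255.254.0 -> connected /23
        (net(f"{prefix}.165.233/255.255.254.0", strict=False), "rl0", None),
        # route add x.x.165.233/29 -iface rl1 -cloning
        (net(f"{prefix}.165.233/29", strict=False), "rl1", None),
        # route add default x.x.164.1
        (net("0.0.0.0/0"), "rl0", ipaddress.ip_address(f"{prefix}.164.1")),
    ]


def lookup(dst, routes):
    """Return the most specific route whose network contains dst."""
    addr = ipaddress.ip_address(dst)
    return max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)


def nested_prefixes(routes):
    """List (inner, inner_if, outer, outer_if) where a prefix on one interface
    lies inside a non-default prefix on a different interface."""
    found = []
    for inner, inner_if, _ in routes:
        for outer, outer_if, _ in routes:
            if (outer.prefixlen > 0 and inner != outer
                    and inner_if != outer_if and inner.subnet_of(outer)):
                found.append((inner, inner_if, outer, outer_if))
    return found


if __name__ == "__main__":
    routes = build_routes()
    for dst in ("10.0.164.1", "10.0.165.235", "10.0.165.10", "192.0.2.1"):
        network, iface, gw = lookup(dst, routes)
        print(f"{dst:<14} -> {iface} via {gw or 'link'} ({network})")
    for inner, inner_if, outer, outer_if in nested_prefixes(routes):
        print(f"{inner} on {inner_if} lies inside {outer} on {outer_if}")
```

The model covers only the firewall's own forwarding decision; the routing tables of the gateway and the servers are not given in the post.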