Date: Mon, 3 Dec 2001 14:02:59 -0500 (EST)
From: Joe Clarke
To: Eric Long
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: WAN routing question
Message-ID: <20011203140057.K49546-100000@shumai.marcuscom.com>

On Mon, 3 Dec 2001, Eric Long wrote:

> on 12/3/01 11:21 AM, Joe Clarke at marcus@marcuscom.com wrote:
>
> > On Mon, 3 Dec 2001, Eric Long wrote:
> >
> >> I have a WAN routing question. First, the setup is the following:
> >>
> >> (using Savvis for internet access and the private link between our two
> >> offices located in different states)
> >>
> >> ---
> >>
> >> 192.168.1.0/24 LAN
> >>         |
> >> --------------------------------
> >> | 192.168.1.4    66.100.208.34 |  FreeBSD 4.4-STABLE box in MN
> >> --------------------------------
> >>       |               |
> >>       |               `----- INTERNET
> >>       |
> >>       |
> >> ------------------
> >> | 192.168.1.1    |  Savvis WAN Router in MN
> >> ------------------
> >>         |
> >>        WAN
> >>         |
> >> ------------------
> >> | 192.168.2.1    |  Savvis WAN Router in CA
> >> ------------------
> >>         |
> >> ------------------
> >> | 192.168.2.4    |  FreeBSD 4.4-STABLE box in CA
> >> ------------------
> >>         |
> >> 192.168.2.0/24 LAN
> >>
> >> ---
> >>
> >> I want to route internet traffic from the LAN in CA over the WAN link and
> >> through the Internet connection in MN. How should routing be done so that
> >> internet-bound traffic from the LAN in CA gets routed to the MN office and
> >> out to the Internet?
> >>
> >> I'm to the point where I can ping workstations in CA from MN and vice versa,
> >> but am unclear as to how the routing should be configured so that
> >> Internet-bound traffic from CA gets routed to MN's Internet connection.
> >
> > Looks to me like you just want to create a static route for MN LAN in CA,
> > then put your default route in CA across the WAN link. This looks to be a
> > fairly simple configuration. If you wanted to spice it up, you could use
> > RIP, or some other routing protocol to propagate the LAN routes to both
> > locations. You could even have RIP advertise the default route, but you
> > might like to make the default route static.
>
> My CA FreeBSD box config:
>
> defaultrouter="192.168.2.1"
>
> At startup, I also do:
>
> /sbin/route add 192.168.1.0 192.168.2.1
>
> This successfully routes any traffic bound for the MN LAN via the
> Savvis-supplied Lucent WAN router. As I said before, I can ping back and
> forth between both LANs.
>
> Based on what you said, I have created a static route for the MN LAN in CA
> and put the default route in CA across the WAN link.
>
> I'm missing something because I can't ping anything on the Internet from CA
> (I can ping public IPs from the MN LAN).

Are you doing NAT on your Internet gateway? I assume so since your MN
people are able to access the Internet. Of course, you may need to check
any policies you have to make sure 192.168.2.0/24 gets NAT'd correctly.
Also, make sure the MN internet gateway has a route _back_ to CA.

Joe

>
> -Eric
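
The two checks from the reply above (NAT coverage for 192.168.2.0/24 and a route back to CA on the MN gateway), modelled as an added example that is not part of the original thread. The hop names, the WAN routers' tables, the sample host 192.168.2.10 and the destination 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

CA_HOST, DST = "192.168.2.10", "203.0.113.10"   # constructed sample addresses

def tables(return_route):
    """Per-hop routing tables: prefix -> next hop. WAN router entries are assumed."""
    t = {
        "ca-bsd": {"192.168.2.0/24": "ca-lan", "192.168.1.0/24": "ca-wan",
                   "0.0.0.0/0": "ca-wan"},     # defaultrouter + static route from the thread
        "ca-wan": {"192.168.2.0/24": "ca-lan", "0.0.0.0/0": "mn-wan"},
        "mn-wan": {"192.168.2.0/24": "ca-wan", "192.168.1.0/24": "mn-lan",
                   "0.0.0.0/0": "mn-gw"},
        "mn-gw":  {"192.168.1.0/24": "mn-lan", "0.0.0.0/0": "internet"},
    }
    if return_route:                  # the route _back_ to CA on the MN gateway
        t["mn-gw"]["192.168.2.0/24"] = "mn-wan"
    return t

def next_hop(table, dst):
    """Longest-prefix match, the way a routing table picks an entry."""
    addr = ipaddress.ip_address(dst)
    hits = [ipaddress.ip_network(p) for p in table if addr in ipaddress.ip_network(p)]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

def trace(t, node, dst):
    """Follow next hops from node until the packet leaves the modelled routers."""
    path = [node]
    while node in t and len(path) < 10:   # hop limit guards against routing loops
        node = next_hop(t[node], dst)
        path.append(node)
    return path

def check(return_route, nat_nets):
    """Outbound CA -> Internet, then the reply; returns 'ok' or the failing check."""
    t = tables(return_route)
    if trace(t, "ca-bsd", DST)[-1] != "internet":
        return "no-forward-path"
    src = ipaddress.ip_address(CA_HOST)
    if not any(src in ipaddress.ip_network(n) for n in nat_nets):
        return "not-natted"           # leaves with a private source; no reply returns
    # The reply reaches the gateway's public address, is de-aliased back to
    # CA_HOST, and is then routed by mn-gw's own table.
    back = trace(t, "mn-gw", CA_HOST)
    return "ok" if back[-1] == "ca-lan" else "no-return-route:" + "->".join(back)
```

With NAT limited to 192.168.1.0/24 the check reports `not-natted`; with NAT widened but no return route, the reply for 192.168.2.10 follows the gateway's default route back out to the Internet instead of crossing the WAN.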