From owner-freebsd-questions@FreeBSD.ORG Tue May 11 14:00:27 2004
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2ED1316A51A for ; Tue, 11 May 2004 14:00:27 -0700 (PDT)
Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F30A43D5A for ; Tue, 11 May 2004 14:00:25 -0700 (PDT) (envelope-from freebsd-questions@m.gmane.org)
Received: from root by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1BNeMP-0002vV-00 for ; Tue, 11 May 2004 23:00:23 +0200
Received: from r2i215.mistral.cz ([62.245.72.215]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 11 May 2004 23:00:21 +0200
Received: from element by r2i215.mistral.cz with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Tue, 11 May 2004 23:00:21 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-questions@freebsd.org
From: Pavel Duda
Date: Tue, 11 May 2004 15:25:27 +0200
Lines: 106
References: <409F97F2.6050908@stevenfettig.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: r2i215.mistral.cz
User-Agent: Mozilla Thunderbird 0.5 (Windows/20040207)
X-Accept-Language: en-us, en
In-Reply-To: <409F97F2.6050908@stevenfettig.com>
Sender: news
Subject: Re: 3 Nics - Dual (Tripe) Homed Host
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 11 May 2004 21:00:27 -0000

Steven N. Fettig wrote:
> Travis Troyer wrote:
>
>> I have a FreeBSD system that acts as a NAT Gateway, currently
>> providing one LAN with access to the Internet. I have added a third
>> NIC, connected to a second LAN. The second LAN does not need internet
>> access, but I would like it to be able to communicate with the first
>> LAN. I have tried reading various sources, but have not found
>> anything dealing with this situation. I would appreciate any help.
>> Below is a diagram of my current setup and the output of ifconfig.
>>
>>                 Internet
>>                    |
>>           [ xl0: DHCP assigned ]
>>                  Router
>>               |         |
>>   [ xl1: 10.0.0.1]   [ xl3: 192.168.1.10]
>>   10.0.0.0/24 LAN    192.168.1.0/24 LAN
>>
>> Output of ifconfig:
>> xl0: flags=8843 mtu 1500
>>         options=8
>>         inet 24.33.126.252 netmask 0xffffff00 broadcast 255.255.255.255
>>         ether 00:60:97:74:35:b0
>>         media: Ethernet autoselect (10baseT/UTP)
>>         status: active
>> xl1: flags=8843 mtu 1500
>>         options=b
>>         inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
>>         ether 00:01:02:37:93:eb
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> xl2: flags=8843 mtu 1500
>>         options=b
>>         inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
>>         ether 00:01:02:cc:63:d2
>>         media: Ethernet autoselect (100baseTX )
>>         status: active
>> lo0: flags=8049 mtu 16384
>>         inet 127.0.0.1 netmask 0xff000000
>>
> Travis,
>
> Although I have been dealing with routing for years, I can't claim I
> really understand it well, so my advice may not be so intelligent, but
> here's a stab at it anyway:
> I think what you want to do is to bridge both LANs. You need to tell
> your gateway that in order to get to 10.0.0.0/24 from 192.168.1.0/24,
> you need to tell the routing tables that the route to 10.0.0.0/24 is via
> xl1 and vice versa.
>
> route add 10.0.0.0/24 -interface xl1
>
> and vice versa:
>
> route add 192.168.1.0/24 -interface xl2
>
> In the handbook, it says
> (http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html):
>
> <--begin quote-->
> 19.5.4 Enabling the Bridge
>
> Add the line:
>
>     net.link.ether.bridge=1
>
> to /etc/sysctl.conf to enable the bridge at runtime, and the line:
>
>     net.link.ether.bridge_cfg=if1,if2
>
> to enable bridging on the specified interfaces (replace if1 and if2 with
> the names of your two network interfaces). If you want the bridged
> packets to be filtered by ipfw(8), you should add:
>
>     net.link.ether.bridge_ipfw=1
>
> as well.
>
> For FreeBSD 5.2-RELEASE and later, use instead the following lines:
>
>     net.link.ether.bridge.enable=1
>     net.link.ether.bridge.config=if1,if2
>     net.link.ether.bridge.ipfw=1
> <--end quote-->
>
> I am not sure if this will work, though, because I'm not sure what
> effect (if any) it would have on the NAT from the 192.168.1.0/24
> network. You might want to first try this approach while NAT and the
> firewall are turned off. I have a similar situation that I want to
> test, so I'd be curious if you succeed and how.
>
> Steve Fettig

This should work fine with NAT. I was using a similar setup during tests
with wi-fi: a server with a wi-fi card (hostap and DHCP, 192.168.1.xxx
range), one NIC connected to the local LAN (192.168.0.xxx range) and one
NIC for the connection to my ISP (to a cable modem, to be more specific).
Only people on the local LAN were able to connect to the Internet; this
was controlled via ipfw rules.
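The point Pavel makes is the one that matters for Travis's box: once the host forwards packets (gateway_enable="YES" in rc.conf, i.e. net.inet.ip.forwarding=1), the kernel already holds connected routes for xl1 and xl2 and will route between the two LANs on its own, so keeping 192.168.1.0/24 off the Internet is a firewall decision, not a routing one. The handbook excerpt Steve quotes sets up a bridge, which would merge the two segments into one broadcast domain rather than keep them as separate LANs. Below is an added example of an ipfw ruleset for the routed approach; it is not code from the thread or from any FreeBSD project file. The interface names and prefixes are taken from the ifconfig output above; the use of natd with a divert rule, the rule numbers, the rc.conf knobs in the comments and the dry-run self-check are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): ipfw ruleset for the three-NIC gateway.
# The two LANs reach each other through the router, LAN 1 reaches the Internet
# through natd, and LAN 2 is kept off the Internet by the firewall.
#
# Assumed production setup: install as /etc/ipfw.rules and put in /etc/rc.conf
#   gateway_enable="YES"   firewall_enable="YES"   firewall_type="/etc/ipfw.rules"
#   natd_enable="YES"      natd_interface="xl0"
# The kernel needs options IPFIREWALL and IPDIVERT for "divert natd".

fwcmd="${fwcmd:-/sbin/ipfw}"   # set fwcmd=echo to dry-run and just print the rules
oif="xl0"                      # Internet-facing, DHCP-assigned
lan1_if="xl1"; lan1="10.0.0.0/24"      # may use the Internet (through NAT)
lan2_if="xl2"; lan2="192.168.1.0/24"   # may only talk to LAN 1 and the gateway

load_rules() {
    $fwcmd -f flush
    $fwcmd add 100 allow ip from any to any via lo0
    $fwcmd add 200 deny ip from any to 127.0.0.0/8
    $fwcmd add 300 deny ip from 127.0.0.0/8 to any

    # Anti-spoofing: our private prefixes never arrive from the Internet side.
    $fwcmd add 400 deny log ip from "$lan1" to any in via "$oif"
    $fwcmd add 410 deny log ip from "$lan2" to any in via "$oif"

    # Internal interfaces: hosts to gateway, and LAN-to-LAN forwarding.
    # A forwarded packet passes ipfw a second time when it leaves the box,
    # so the Internet policy is enforced on $oif below, not here.
    $fwcmd add 500 allow ip from any to any via "$lan1_if"
    $fwcmd add 510 allow ip from any to any via "$lan2_if"

    # LAN 2 stays off the Internet. This must precede the divert rule: after
    # natd the packet carries the public source address and the private
    # prefix can no longer be matched.
    $fwcmd add 600 deny log ip from "$lan2" to any out via "$oif"

    # Translate everything that crosses the Internet interface.
    $fwcmd add 700 divert natd ip from any to any via "$oif"

    # Outbound (now source-translated) traffic may leave; inbound is limited
    # to replies. Stateless UDP replies are the weak spot of this ruleset:
    # rule 820 trusts any datagram whose source port is 53.
    $fwcmd add 800 allow ip from any to any out via "$oif"
    $fwcmd add 810 allow tcp from any to any in via "$oif" established
    $fwcmd add 820 allow udp from any 53 to any in via "$oif"
    $fwcmd add 830 deny log tcp from any to any in via "$oif" setup
    $fwcmd add 65000 deny log ip from any to any
}

# Self-check for the ordering the comments above depend on: the LAN 2 deny
# must carry a lower rule number than the natd divert. Runs the ruleset in
# dry-run mode (fwcmd=echo) and compares the two numbers.
check_order() {
    rules=$( fwcmd=echo; load_rules )
    deny=$(printf '%s\n' "$rules" | grep "deny log ip from $lan2 to any out via $oif" | cut -d' ' -f2)
    divert=$(printf '%s\n' "$rules" | grep 'divert natd' | cut -d' ' -f2)
    [ -n "$deny" ] && [ -n "$divert" ] && [ "$deny" -lt "$divert" ]
}

# "sh ipfw.rules dryrun" prints the rules and checks their order;
# "sh ipfw.rules load" installs them with the real ipfw binary.
case "${1:-}" in
    dryrun) fwcmd=echo; load_rules; check_order && echo "# rule order OK" ;;
    load)   load_rules ;;
esac
```

Two things worth keeping in mind when adapting this: ipfw evaluates every forwarded packet once on the way in and once on the way out, which is why the permissive rules on xl1 and xl2 are safe only because rule 600 catches LAN 2 traffic on the xl0 output pass before the divert; and the stateless reply rules (810 and 820) are the 2004-era pattern for natd, so anything that accepts UDP by source port alone deserves a closer look on a host that matters.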