From owner-freebsd-isp Wed Sep 30 15:20:08 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id PAA09702 for freebsd-isp-outgoing; Wed, 30 Sep 1998 15:20:08 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from smtp.shellnet.co.uk (smtp.shellnet.co.uk [194.129.209.14]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id PAA09611 for ; Wed, 30 Sep 1998 15:19:57 -0700 (PDT) (envelope-from steven@shellnet.co.uk) Received: from dial-10-01.bolton.cspace.co.uk (dial-10-01.bolton.cspace.co.uk [194.128.147.26]) by smtp.shellnet.co.uk (8.9.1/8.9.1-shellnet.stevenf) with SMTP id XAA07956; Wed, 30 Sep 1998 23:19:09 +0100 (BST) Posted-Date: Wed, 30 Sep 1998 23:19:09 +0100 (BST) From: steven@shellnet.co.uk (Steven Fletcher) To: "Jeffrey J. Mountin" Cc: freebsd-isp@FreeBSD.ORG Subject: Re: IPFW, Dual network cards Date: Wed, 30 Sep 1998 22:18:30 GMT Message-ID: <3615a823.10152184@smtp.shellnet.co.uk> References: <3.0.3.32.19980930152823.00720380@207.227.119.2> In-Reply-To: <3.0.3.32.19980930152823.00720380@207.227.119.2> X-Mailer: Forte Agent 1.5/32.452 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by hub.freebsd.org id PAA09669 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 30 Sep 1998 15:28:23 -0500, you wrote: >You are aware that by default Windoze does NetBEUI over TCP/IP and file sharing should be done via NetBEUI. Aha. This is a case of simply closing the relevant tcp ports via ipfw yes ? > He was a bit slow Aren't they all? }:> > >I'd bet there are a lot of vulnerable printers out there. ;) *grin* What follows this line is only for the strong-minded: Okay, so I have managed to get FreeBSD installed and the network cards in place. The situation is this: I have one Intel EtherExpress PRO as fxp0. This is the card that is connected to our Cisco switch @ 100Mb/s (the main network). This (I belive) is what is known as the public interface? Its IP is 194.129.209.8 (eth2-fw1.bolton.shellnet.co.uk) Then there is one RealTek(Groan) 8019 card as ed0. This is setup correctly as far as I can see - However occasionally the kernel says "ed0: device timeout". I think I am right here in setting its IPs as 192.168.0.1 (for the internal network) and as 194.129.209.15 (which will be the default gateway of the bandwidth limited machines that use it.) It's connected to a cheap 8 port non-switching hub. The following diagram should illustrate this: .-----------------------. | FreeBSD 3 | '-----------------------' / \ Intel Realtek 194.129.209.8 192.168.0.1/194.129.209.15 | | | | Internal network | Cisco Hub to | 2501 router. bandwidth limited servers So, I plugged in the cards and hubs, and now I'd like to do the following: 1) Using IOS for the IP's of the bandwidth limited servers, I'll plonk: ip route 194.129.209.whatever 255.255.255.255 Ethernet0 194.129.209.8 or ip route 194.129.209.whatever 255.255.255.255 Ethernet0 194.129.209.15 ? Will 194.129.209.8 know that 194.129.209.whatever is accessible via the RealTek card and be able to forward the packets? Or will the rest of my network be able to see 194.129.209.15 even though it is indirectly connected to the network? Just how do I tell FreeBSD to route packets from one network card to the 2nd network card and vice versa. I've tried this, y'see, with no luck. The situation before was that some of our smart-arse customers we able to change the default gateway and subnet mask (Windows NT hosted servers) of their machines and bypass (at least) the outgoing bandwidth limitations - incoming traffic was still limited by the router statements so physical security is the next step up. Anyway, it didn't appear to work after almost all afternoon trying to figure this out.... I'm a little stuck now and am desperately looking for people who've done this before to advise on how I go about resolving this situation :) Thanks for reading... It's a little long but I have a habit of wanting to make things clear - usually undone in that I in fact make thinks worse. TIA Steven Fletcher steven@shellnet.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message