Date: Mon, 08 Apr 2002 19:07:34 -0700
From: UCTC Sysadmin <ecsd@transbay.net>
To: drauman@siscom.net
Cc: questions@FreeBSD.ORG
Subject: Re: Two NICS, Two Default Routers?
Message-ID: <3CB24CE6.81EF7AE2@transbay.net>
References: <001901c1dc21$19e05bd0$03fea8c0@auman> <3CACE2D9.7080006@subdimension.com> <1017962997.3cace1f524453@webmail.siscom.net> <3CACEAAD.6000707@subdimension.com> <1018007969.3cad91a126b84@webmail.siscom.net>

drauman@siscom.net wrote:
> Ran "routed -s" and that solved it.

You shouldn't have to run "routed". routed runs RIP, and all you'd want to do with it is /listen/ to what your ISP says about routes, unless you're not using an ISP (the ISP doesn't need to hear from your routed what it thinks the routes are, since the ISP is who set it up and they already know.) Your machine will already know about routes what it needs to know without using routed, unless you're doing something unusually complex.

Set gateway_enable = "YES" in /etc/rc.conf.

Two general scenarios:
1. You're using the box as a gateway for a real subnet.
2. You're not. (case includes running NAT on the inside net.)

case 1:
If your ISP allocated a real IP subnet to you, then choose canonically the lowest number on the subnet and assign it to your inside interface with the proper netmask. The gateway box's gateway address is the ISP's gateway address given to you. Your internal gateway address for PCs behind your gateway box is the address/netmask assigned to the second interface. You'd only have more than one gateway if you had more than one connection to the world (at either end of the line that ties you into the world) and if you have multiple subnets assigned to you. Then you'd want to do some smarter routing. This is probably not your situation.

E.g. ISP gives you a WAN address, say 66.55.44.33/24 (in a class C subnet), and a subnet 66.55.33.32/28, which is 66.55.33.32 netmask 255.255.255.240. WAN side interface (pointing to ISP) is "inet 66.55.44.33 netmask 255.255.255.0" and LAN side (inside) interface is "inet 66.55.33.33 netmask 255.255.255.240". Set gateway_enable = "YES" in rc.conf and issue a sysctl to activate gatewaying,

    sysctl -w net.inet.ip.forwarding=1

or restart the machine. Then your PCs on the LAN are 66.55.33.34 thru 66.55.33.46, inclusive, with a netmask of 255.255.255.240 and a gateway address of 66.55.33.33, and everything should work, and routed is not used.

Don't forget to propagate the DNS server numbers to the PCs as well.

case 2:
Not much to do here. If you're running NAT, enable the gatewaying as before and insure that IPDIVERT is in your kernel config file, and enabled in /etc/rc.conf with the WAN interface name for the NAT interface, with flags "-s -m -u". There's not really any routing going on to worry about. See "/etc/hosts" for a list of the phony subnets you can use.

case 3:
Not using an ISP, or trying to use a real subnet that doesn't belong to you. Well, don't use a subnet that doesn't belong to you if you're hooked to the Internet. If you're not hooked to the Internet you may be some day so you still shouldn't use a real subnet, for convenience if one day you do. (Once you're connected to the world you can only use the real subnet by lying about it, in which case you can't get to the "real" real one out there, and nobody can come in to your version of the subnet. Since that's "defective", you might as well run on a phony subnet internally to prevent having to renumber later.)

-ecsd

Then the routing goes as in case 1.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
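
Added example, not part of the original message and not FreeBSD code: a small Python check of the addressing plan from case 1, which also flags the mistakes cases 2 and 3 warn about (a public subnet behind NAT, a private subnet without NAT). The function names and the 192.168.1.0/24 sample are assumptions made for illustration.

```python
import ipaddress

def lan_plan(lan_subnet):
    """Inside-interface plan for a subnet: the lowest host is the gateway."""
    net = ipaddress.ip_network(lan_subnet)  # ValueError if host bits are set
    if net.num_addresses < 4:
        raise ValueError(f"{net} has no room for a gateway plus clients")
    gateway = net.network_address + 1
    return {
        "gateway": str(gateway),                  # goes on the LAN-side NIC
        "netmask": str(net.netmask),
        "first_client": str(gateway + 1),
        "last_client": str(net.broadcast_address - 1),
    }

def check_plan(wan_interface, lan_subnet, nat):
    """Return a list of problems with a two-NIC gateway addressing plan."""
    wan = ipaddress.ip_interface(wan_interface)
    lan = ipaddress.ip_network(lan_subnet)
    problems = []
    if wan.network.overlaps(lan):
        # The box could not tell inside hosts from hosts on the ISP link.
        problems.append(f"LAN {lan} overlaps WAN network {wan.network}")
    if nat and not lan.is_private:
        # Case 3: the real owners of these addresses become unreachable.
        problems.append(f"NAT behind public subnet {lan}")
    if not nat and lan.is_private:
        # Private space is not routed back to you by the ISP.
        problems.append(f"{lan} is private and needs NAT")
    return problems

if __name__ == "__main__":
    # Addresses from the message, plus one constructed private subnet.
    print(lan_plan("66.55.33.32/28"))
    samples = [
        ("66.55.44.33/24", "66.55.33.32/28", False),  # case 1
        ("66.55.44.33/24", "192.168.1.0/24", True),   # case 2 (constructed)
        ("66.55.44.33/24", "66.55.33.32/28", True),   # case 3 mistake
    ]
    for wan, lan, nat in samples:
        print(wan, lan, "nat" if nat else "routed", check_plan(wan, lan, nat))
```
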