Date: Wed, 21 Nov 2007 11:54:58 +0200
From: Todor Dragnev <todor.dragnev@gmail.com>
To: alexus <alexus@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: multihome network
Message-ID: <01E3A49C-4ECF-41E6-9EC8-7B38EE03E3AE@gmail.com>
In-Reply-To: <6ae50c2d0711182003t2b419839y374395d63ce5877d@mail.gmail.com>
References: <6ae50c2d0711152118h2f2a9989q2b39eba077154041@mail.gmail.com> <D0DD85A9-3B0F-49B1-9B6E-B48CDF0160FA@gmail.com> <6ae50c2d0711182003t2b419839y374395d63ce5877d@mail.gmail.com>

On 19.11.2007, at 06:03, alexus wrote:

> how i can accomplish this with ipf? i have ipf on that box
>

Write this in ipf.rules:

pass out quick on fxp0 to fxp1:$fxp1_gw from $fxp1_ip to any keep state

Don't forget to replace $fxp1_*.

This solution can be also accomplished with IPFW, options IPFIREWALL_FORWARD.

> On Nov 16, 2007 4:45 PM, Todor Dragnev <todor.dragnev@gmail.com> wrote:
>> Hi,
>>
>> you must use advanced routing, this is very easy on linux with
>> iproute2 but freebsd is far away for now (maybe forever) and you must
>> use pf or ipf for this situation.
>>
>> So, enable pf in rc.conf
>> pf_enable="YES"
>>
>> Add this line to the end of pf.conf:
>> pass out quick route-to (fxp1 $fxp1_gw) inet from $fxp1_ip to ! $fxp1_ip keep state
>>
>> Where $fxp1_gw must be your gateway on fxp1 interface and $fxp1_ip is
>> your IP address on fxp1.
>> Keep your default gateway via 192.168.1.1. With these settings you
>> can access both 192.168.1.1 and $fxp1_ip from outside.
>>
>> Regards,
>> Todor Dragnev
>>
>>
>> On 16.11.2007, at 07:18, alexus wrote:
>>
>>> Hello,
>>>
>>> I have two NICs on my box, one (primary) connected to switch and have
>>> private IP. That IP also have a static route on Cisco PIX for
>>> accessing this box from outside. The other interface has public IP
>>> that is connected to another switch, I configure both IPs through
>>> /etc/rc.conf, but I can not for some reason access my box through that
>>> public IP, no firewall rules would prevent me from doing so. Here is
>>> my output for netstat -rn
>>>
>>> alexus# netstat -rn
>>> Routing tables
>>>
>>> Internet:
>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> default            192.168.1.1        UGS         0      250   fxp0
>>> 127.0.0.1          127.0.0.1          UH          0        2    lo0
>>> 192.168.1          link#1             UC          0        0   fxp0
>>> 192.168.1.1        00:0d:29:09:90:61  UHLW        2        2   fxp0   1171
>>> 192.168.1.250      00:16:cb:94:10:e9  UHLW        1       12   fxp0   1169
>>> 216.112.241.24/29  link#2             UC          0        0   fxp1
>>>
>>> Internet6:
>>> Destination                       Gateway                       Flags      Netif Expire
>>> ::1                               ::1                           UHL         lo0
>>> fe80::%lo0/64                     fe80::1%lo0                   U           lo0
>>> fe80::1%lo0                       link#4                        UHL         lo0
>>> ff01:4::/32                       fe80::1%lo0                   UC          lo0
>>> ff02::%lo0/32                     fe80::1%lo0                   UC          lo0
>>> alexus#
>>>
>>> what am I missing?
>>>
>>> --
>>> http://alexus.org/
>>
>>> _______________________________________________
>>> freebsd-questions@freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>>
>
>
>
> --
> http://alexus.org/
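
Added example, not part of the original thread: a destination-only lookup over the IPv4 routes quoted above shows that replies sourced from the fxp1 address to an off-link client leave through fxp0, which is the behaviour the route-to and "to fxp1:$fxp1_gw" rules override. The addresses 216.112.241.26, 216.112.241.27 and 203.0.113.10 are constructed sample values.

```python
import ipaddress

# IPv4 routes from the netstat -rn output quoted in the thread
# (Refs, Use and Expire columns dropped).
NETSTAT = """\
default            192.168.1.1        UGS   fxp0
127.0.0.1          127.0.0.1          UH    lo0
192.168.1          link#1             UC    fxp0
192.168.1.1        00:0d:29:09:90:61  UHLW  fxp0
192.168.1.250      00:16:cb:94:10:e9  UHLW  fxp0
216.112.241.24/29  link#2             UC    fxp1
"""

def parse_dest(dest):
    """Turn a netstat destination column into an ip_network."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" in dest:
        return ipaddress.ip_network(dest)
    octets = dest.split(".")
    if len(octets) < 4:
        # netstat abbreviates networks: "192.168.1" is 192.168.1.0/24
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        return ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets)))
    return ipaddress.ip_network(dest + "/32")

def load_routes(text):
    """Return (network, gateway, interface) for each route line."""
    routes = []
    for line in text.splitlines():
        dest, gateway, _flags, netif = line.split()
        routes.append((parse_dest(dest), gateway, netif))
    return routes

def reply_path(routes, local_ip, client_ip):
    """Return (egress interface, interface owning local_ip, asymmetric?)."""
    client, local = ipaddress.ip_address(client_ip), ipaddress.ip_address(local_ip)
    # Plain routing: longest-prefix match on the destination only.
    egress = max((r for r in routes if client in r[0]),
                 key=lambda r: r[0].prefixlen)[2]
    # Directly connected networks show a link#N gateway.
    owner = next(r[2] for r in routes
                 if r[1].startswith("link#") and local in r[0])
    return egress, owner, egress != owner

if __name__ == "__main__":
    table = load_routes(NETSTAT)
    # 216.112.241.26 and 203.0.113.10 are constructed sample addresses.
    print(reply_path(table, "216.112.241.26", "203.0.113.10"))
    print(reply_path(table, "216.112.241.26", "216.112.241.27"))
```

Only the off-link case is asymmetric; a client inside 216.112.241.24/29 is answered directly on fxp1, which is why the pf rule excludes that traffic from route-to.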