From: Todor Dragnev
Date: Wed, 21 Nov 2007 11:54:58 +0200
To: alexus
Cc: freebsd-questions@freebsd.org
Subject: Re: multihome network

On 19.11.2007, at 06:03, alexus wrote:

> how can I accomplish this with ipf? I have ipf on that box
>

Write this in ipf.rules:

    pass out quick on fxp0 to fxp1:$fxp1_gw from $fxp1_ip to any keep state

Don't forget to replace $fxp1_*.
This solution can also be accomplished with IPFW, options IPFIREWALL_FORWARD.

> On Nov 16, 2007 4:45 PM, Todor Dragnev wrote:
>> Hi,
>>
>> you must use advanced routing, this is very easy on Linux with
>> iproute2 but FreeBSD is far away for now (maybe forever) and you must
>> use pf or ipf for this situation.
>>
>> So, enable pf in rc.conf
>>     pf_enable="YES"
>>
>> Add this line to the end of pf.conf:
>>     pass out quick route-to (fxp1 $fxp1_gw) inet from $fxp1_ip to ! $fxp1_ip keep state
>>
>> Where $fxp1_gw must be your gateway on fxp1 interface and $fxp1_ip is
>> your IP address on fxp1.
>> Keep your default gateway via 192.168.1.1. With these settings you
>> can access both 192.168.1.1 and $fxp1_ip from outside.
>>
>> Regards,
>> Todor Dragnev
>>
>>
>> On 16.11.2007, at 07:18, alexus wrote:
>>
>>> Hello,
>>>
>>> I have two NICs on my box, one (primary) connected to a switch and
>>> has a private IP. That IP also has a static route on Cisco PIX for
>>> accessing this box from outside. The other interface has a public IP
>>> that is connected to another switch. I configure both IPs through
>>> /etc/rc.conf, but I can not for some reason access my box through
>>> that public IP; no firewall rules would prevent me from doing so.
>>> Here is my output for netstat -rn
>>>
>>> alexus# netstat -rn
>>> Routing tables
>>>
>>> Internet:
>>> Destination        Gateway            Flags    Refs      Use  Netif Expire
>>> default            192.168.1.1        UGS         0      250   fxp0
>>> 127.0.0.1          127.0.0.1          UH          0        2    lo0
>>> 192.168.1          link#1             UC          0        0   fxp0
>>> 192.168.1.1        00:0d:29:09:90:61  UHLW        2        2   fxp0   1171
>>> 192.168.1.250      00:16:cb:94:10:e9  UHLW        1       12   fxp0   1169
>>> 216.112.241.24/29  link#2             UC          0        0   fxp1
>>>
>>> Internet6:
>>> Destination        Gateway            Flags      Netif Expire
>>> ::1                ::1                UHL         lo0
>>> fe80::%lo0/64      fe80::1%lo0        U           lo0
>>> fe80::1%lo0        link#4             UHL         lo0
>>> ff01:4::/32        fe80::1%lo0        UC          lo0
>>> ff02::%lo0/32      fe80::1%lo0        UC          lo0
>>> alexus#
>>>
>>> what am I missing?
>>>
>>> --
>>> http://alexus.org/
>
> --
> http://alexus.org/
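
The pf variant suggested in the thread, written out as a whole pf.conf. This is an added example, not part of the original messages. The two addresses are placeholders (the thread does not give fxp1's address or gateway), and the reply-to rule with its port 22 service is an assumption added here to show how replies to inbound connections are tied to fxp1.

```conf
# /etc/pf.conf: added example, not from the original thread.
# Requires pf_enable="YES" in /etc/rc.conf, as the message says.

# Placeholders: substitute the real values for the fxp1 segment.
fxp1_ip = "192.0.2.10"   # public address configured on fxp1
fxp1_gw = "192.0.2.9"    # next hop (gateway) reachable through fxp1

# Rule from the message: traffic sourced from the public address is sent out
# through fxp1 and its gateway instead of following the default route via
# 192.168.1.1 on fxp0. The default route itself stays unchanged.
pass out quick route-to (fxp1 $fxp1_gw) inet from $fxp1_ip to ! $fxp1_ip keep state

# Assumed addition: accept one service on the public address and bind the
# replies of those stateful connections to fxp1's gateway with reply-to.
# Port 22 is an example service chosen for illustration.
pass in quick on fxp1 reply-to (fxp1 $fxp1_gw) inet proto tcp \
    from any to $fxp1_ip port 22 keep state

# Checks to run from a root shell:
#   pfctl -nf /etc/pf.conf     parse the file without loading it
#   pfctl -f /etc/pf.conf      load the ruleset
#   pfctl -sr                  list the rules pf actually loaded
#   tcpdump -ni fxp1 host 192.0.2.10
#       replies to outside clients should appear here, not on fxp0
```

If replies still show up on fxp0 in tcpdump, the packets are not matching the route-to rule; compare the macros against the addresses ifconfig reports for fxp1.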