Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 27 Jun 2000 19:08:52 -0400
From:      "Rossen Raykov" <rraykov@sage-consult.com>
To:        <FreeBSD-questions@FreeBSD.ORG>
Subject:   rouing problem
Message-ID:  <01a701bfe08c$a8d8d890$4c00000a@sage>
next in thread | raw e-mail | index | archive | help 
Hi all!

I am trying to use FreeBSD like gateway/firewall.
My network topology is like this one:


              ISP 1              ISP 2

                ^                  ^
                |                  |
                |                  |
            +-------+          +--------+
            |  DSL  |          |  ISDN  |
            +-------+          +--------+
           IP 1.0.0.1          IP 2.0.0.1

                \                  /
                 \                /

        IP   1.0.0.252       IP 2.0.0.2
      MASK 255.255.255.0   MASK 255.255.255.252
      -----------------------------------------
                    FreeBSD Box
      -----------------------------------------
                    IP 2.0.0.252
                  MASK 255.255.255.0
                         |
                         |
      -----------------------------------------
       L A N                      HOST
       NET 2.0.0.0             2.0.0.129

I am running FreeBSD 4.0 and the kernel is compiled with the following
options: IPFIREWALL, IPFIREWALL_VERBOSE, IPDIVERT, BRIDGE.

In /etc/rc.conf following options are defined:
firewall_enable="YES"
firewall_type="open"
gateway_enable="YES"
router_enable="YES"
kern_securitylevel_enabled="NO"

As one can expect after that the firewall rules are:
allow ip from any to any via lo0
deny ip from any to 127.0.0.0/8
allow ip from any to any
deny ip from any to any

Routing connected sysctl flags are:
net.inet.ip.forwarding=1
net.inet.ip.redirect=1
net.inet.ip.fw.enable=1
net.inet.ip.fw.one_pass=1

I am able to ping all neighbors interfaces from BSD box (1.0.0.1, 2.0.0.1
and 2.0.0.129).

My first problem was that I was not able to ping 1.0.0.252 and 2.0.0.2
interfaces on the server from LAN host (2.0.0.129).
After I've enabled BRIDGE option in the kernel that become possible.

Then a new problem appear - I cannot ping 1.0.0.1 and 2.0.0.1 from the LAN
host (2.0.0.129).

All IP addresses that I am using are real (routable) IP addresses.

Where is my mistake?
Why I am not able to pass thru BSD box?
Are my network mask wrong or I am missing something on kernel/os
configuration level?

I have one more question too.
How to set up the box to work with 2 or more gateways and to make dinamyc
routing?
Can someone give a URL devoted to this to me?
Recommendations for gated setting will be appreciated to.

Thanks in advance,
Rossen

PS sorry for my English, it is not my native language ;)




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01a701bfe08c$a8d8d890$4c00000a>