Date: Sun, 15 Oct 2000 13:40:19 -0600
From: Wes Peters <wes@softweyr.com>
To: Thierry Herbelot <herbelot@cybercable.fr>
Cc: Gregory Sutter <gsutter@zer0.org>, hackers@FreeBSD.ORG
Subject: Re: Routing issues
Message-ID: <39EA0823.D9D353D8@softweyr.com>
References: <20001014233212.H3444@klapaucius.zer0.org> <39E95406.8F1C0717@cybercable.fr>

Thierry Herbelot wrote:
>
> Gregory Sutter wrote:
> >
> > I'm setting up a network that looks like this:
> >
> > --Internet----Router---Firewall
> >                           |
> >                           |                /--- host
> >                         Switch----NAT-----<----- host
> >                           |                \----- host
> >                           |                 \----- etc...
> >                       ---------
> >                       |       |
> >                     email     ns
> >
> > In other words, a fairly typical small network.  I've got an 8-IP
> > subnet; all hosts outside the NAT have real IPs:
> >
> > router:   1.2.3.193
> > firewall: 1.2.3.196 fxp0
> >           1.2.3.197 fxp1
> > nat:      1.2.3.198
> > email:    1.2.3.194
> > ns:       1.2.3.195
> >
> > The problem I'm having is with my routing.  Surprise.  Here is
> > the routing table for the firewall:
> >
> > default         1.2.3.193    fxp0
> > 1.2.3.193       link#1       fxp0
> > 1.2.3.192/29    link#2       fxp1
> > 1.2.3.196       lo0
> > 1.2.3.197       lo0
> >
> > The gateway_enable (net.inet.ip.forwarding) is also enabled on
> > the firewall.
>
> with a *routing* firewall, like the one you are using, you must have two
> different IP subnets, one for each physical interface (or else, the
> kernel will not know which interface to use to send a packet).

You can handle it by using host routes to the interior computers, but
that is messy.

--
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                  Softweyr LLC
wes@softweyr.com                                    http://softweyr.com/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
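
The two points made in the thread (one subnet on both interfaces leaves the interface choice ambiguous; per-host routes resolve it but are easy to get wrong) can be checked with a small longest-prefix-match model. This is an added example, not part of the original message and not the FreeBSD kernel's lookup code; the three route tables are constructed, and the helper names `table`, `lookup` and `misrouted` are hypothetical.

```python
import ipaddress

# Addresses from the post; which side each host sits on follows the diagram.
INTERIOR = {"email": "1.2.3.194", "ns": "1.2.3.195", "nat": "1.2.3.198"}
ROUTER = "1.2.3.193"

def table(rows):
    """Turn (prefix, interface) pairs into (ip_network, interface) pairs."""
    return [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in rows]

def lookup(routes, dst):
    """Longest-prefix match; returns every interface tied for the most
    specific matching route (more than one means the choice is ambiguous)."""
    addr = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, ifc) for net, ifc in routes if addr in net]
    if not hits:
        return set()
    best = max(plen for plen, _ in hits)
    return {ifc for plen, ifc in hits if plen == best}

def misrouted(routes, interior, inside_if="fxp1"):
    """Names of interior hosts whose traffic would not leave by the
    inside interface alone (ambiguous, or sent out the wrong side)."""
    return sorted(name for name, ip in interior.items()
                  if lookup(routes, ip) != {inside_if})

# Constructed table: the same /29 configured on both interfaces.
SAME_SUBNET = table([("0.0.0.0/0", "fxp0"),
                     ("1.2.3.192/29", "fxp0"),
                     ("1.2.3.192/29", "fxp1")])

# Constructed table: /29 on the outside, one /32 host route per interior host.
HOST_ROUTES = table([("0.0.0.0/0", "fxp0"),
                     ("1.2.3.192/29", "fxp0")] +
                    [(ip + "/32", "fxp1") for ip in INTERIOR.values()])

# Same table with the host route for "ns" forgotten: the "messy" part.
FORGOT_NS = [r for r in HOST_ROUTES if str(r[0]) != "1.2.3.195/32"]

if __name__ == "__main__":
    for name, routes in [("same subnet", SAME_SUBNET),
                         ("host routes", HOST_ROUTES),
                         ("forgot ns", FORGOT_NS)]:
        print(name, "| router via", sorted(lookup(routes, ROUTER)),
              "| misrouted:", misrouted(routes, INTERIOR))
```
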