On Sat, 14 Oct 2000, Gregory Sutter wrote:
> I'm setting up a network that looks like this:
>
>
> --Internet----Router---Firewall
>                           |
>                           |      /--- host
>                        Switch----NAT-----<----- host
>                           |             \----- host
>                           |              \----- etc...
>                       ---------
>                       |       |
>                     email     ns
When I first looked at this, is there a reason why it isn't
something like this instead:

---Internet---Router---|
                       |
                       |
                  Firewall---Nat (Many Hosts)
                       |
                       |
                       |
                  (Multiple Servers)

You have to have a hub/switch between the firewall and each network (the
NAT and the server). You end up with a firewall with three nics. On the
surface what I'd probably do with something like this is actually NAT both
the many hosts and the servers network, but on the servers use a 1:1 IP
mapping (bimap if you are using IPFilter). The thing that would interest
me is if you could use bridging between the outside firewall nic and the
servers network in conjunction with NAT'ing the many hosts network. This
is something I've wondered about but never tried. If it's doable I'm
not sure it would be a good idea.

Having the three nics would allow you to filter based on that
entire network based on which nic the traffic is coming from or heading
to.
>
> In other words, a fairly typical small network. I've got an 8-IP
> subnet; all hosts outside the NAT have real IPs:
>
> router:    1.2.3.193
> firewall:  1.2.3.196 fxp0
>            1.2.3.197 fxp1
> nat:       1.2.3.198
> email:     1.2.3.194
> ns:        1.2.3.195
>
> The problem I'm having is with my routing. Surprise. Here is
> the routing table for the firewall:
>
> default        1.2.3.193   fxp0
> 1.2.3.193      link#1      fxp0
> 1.2.3.192/29   link#2      fxp1
> 1.2.3.196      lo0
> 1.2.3.197      lo0
>
> The gateway_enable (net.inet.ip.forwarding) is also enabled on
> the firewall.
>
> From the firewall, I can reach any host with no problems. However,
> from hosts inside the firewall, I cannot reach outside, and vice
> versa. I feel I must be missing something obvious, but have played
> with routes for hours to no avail.
>
> Does anyone see a problem with the routing of this network?
>
> Greg
> --
> Gregory S. Sutter                    Computing is a terminal addiction.
> mailto:[EMAIL PROTECTED]
> http://www.zer0.org/~gsutter/
> PGP DSS public key 0x40AE3052
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
>
---
Joseph Scott
[EMAIL PROTECTED]
The Office Of Water Programs - CSU Sacramento
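The three-nic layout described above, with the "many hosts" network hidden behind one address and the servers given a 1:1 bimap, written out as an IPFilter ipnat/ipf fragment. This is an added illustration, not configuration from either message; it assumes fxp0 is the outside interface, fxp1 the server network and fxp2 the many-hosts network, and the 10.0.x.0/24 inside addresses are constructed for the example.

```conf
# --- /etc/ipnat.rules (IPFilter NAT) ---
# Assumed layout: fxp0 = outside (1.2.3.196), fxp1 = servers 10.0.1.0/24,
# fxp2 = many hosts 10.0.2.0/24. Inside addresses are constructed.

# Many-hosts network: everything leaves with the firewall's outside address.
# portmap covers tcp/udp; the second map line catches other protocols (icmp etc.).
map fxp0 10.0.2.0/24 -> 1.2.3.196/32 portmap tcp/udp 10000:60000
map fxp0 10.0.2.0/24 -> 1.2.3.196/32

# Server network: static 1:1 mapping. Inbound traffic to the public address is
# rewritten to the server, and the server's outbound traffic keeps that address.
bimap fxp0 10.0.1.2/32 -> 1.2.3.194/32    # email
bimap fxp0 10.0.1.3/32 -> 1.2.3.195/32    # ns

# --- /etc/ipf.rules (IPFilter packet filter) ---
# Inbound NAT runs before filtering, so rules on fxp0 match the translated
# (inside) destination, not the public 1.2.3.x address.
block in log all
block out log all

# Outside interface: only the published services may initiate connections.
pass in quick on fxp0 proto tcp from any to 10.0.1.2 port = 25 keep state
pass in quick on fxp0 proto tcp from any to 10.0.1.3 port = 53 keep state
pass in quick on fxp0 proto udp from any to 10.0.1.3 port = 53 keep state

# Each inside network is filtered on its own nic, which is the point of the
# three-nic design: a server cannot reach the many-hosts network (fxp2 rule
# only accepts traffic from 10.0.2.0/24) except as a reply to an existing state.
pass in quick on fxp1 from 10.0.1.0/24 to any keep state
pass in quick on fxp2 from 10.0.2.0/24 to any keep state

# Outbound on every nic is allowed only for flows already admitted above.
pass out quick all keep state
```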