On 2000-10-15 13:40 -0600, Wes Peters <[EMAIL PROTECTED]> wrote:
> Thierry Herbelot wrote:
> > Gregory Sutter wrote:
> > >
> > > I'm setting up a network that looks like this:
> > >
> > > --Internet----Router---Firewall
> > >                           |
> > >                           |             /--- host
> > >                        Switch----NAT-----<----- host
> > >                           |              \----- host
> > >                           |               \----- etc...
> > >                        ---------
> > >                        |       |
> > >                      email    ns
> > >
> > > In other words, a fairly typical small network. I've got an 8-IP
> > > subnet; all hosts outside the NAT have real IPs:
> > >
> > > router:    1.2.3.193
> > > firewall:  1.2.3.196  fxp0
> > >            1.2.3.197  fxp1
> > > nat:       1.2.3.198
> > > email:     1.2.3.194
> > > ns:        1.2.3.195
> > >
> > > The problem I'm having is with my routing. Surprise. Here is
> > > the routing table for the firewall:
> > >
> > > default 1.2.3.193 fxp0
> > > 1.2.3.193 link#1 fxp0
> > > 1.2.3.192/29 link#2 fxp1
> > > 1.2.3.196 lo0
> > > 1.2.3.197 lo0
> > >
> > > The gateway_enable (net.inet.ip.forwarding) is also enabled on
> > > the firewall.
> >
> > with a *routing* firewall, like the one you are using, you must have two
> > different IP subnets, one for each physical interface (or else, the
> > kernel will not know which interface to use to send a packet).
>
> You can handle it by using host routes to the interior computers, but that
> is messy.
The bridging was the key that I was missing. Turning it on instantly
resulted in a working network with the configuration described above.
The default route, since it's a host route anyway, is entered with
interface fxp0, and the rest of the 1.2.3.192/29 network is routed
with interface fxp1.
Destination        Gateway            Flags     Refs     Use  Netif Expire
default            1.2.3.193          UGSc         1  163304   fxp0
127.0.0.1          127.0.0.1          UH           0       0    lo0
1.2.3.192/29       link#2             UCSc         3       0   fxp1 =>
1.2.3.193          0:f:cf:7f:ff:f4    UHLW         1      32   fxp0   1032
1.2.3.196          0:df:f7:f6:1f:f6   UHLW         0     106    lo0
1.2.3.197          0:f:bf:f:df:f1     UHLS         0       2    lo0
net.inet.ip.forwarding: 1
net.link.ether.bridge_cfg: fxp0:1,fxp1:1,
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1
Thanks to all who replied!
Greg
--
Gregory S. Sutter "How do I read this file?"
mailto:[EMAIL PROTECTED] "You uudecode it."
http://www.zer0.org/~gsutter/ "I I I decode it?"
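A check for the invariant Greg's final message describes, added here as an example and not code from the thread or from FreeBSD: it parses netstat -rn style output and the quoted sysctls (constructed sample values modelled on the ones posted) and reports when the default gateway lies inside a subnet that is reached through a different interface without a bridge joining the two. Python is assumed; the sysctl names are the ones from the message.

```python
import ipaddress

# Constructed sample, modelled on the netstat -rn and sysctl output quoted in the thread.
ROUTES = """\
Destination   Gateway    Flags  Refs    Use  Netif Expire
default       1.2.3.193  UGSc      1 163304   fxp0
1.2.3.192/29  link#2     UCSc      3      0   fxp1 =>
"""
SYSCTLS = """\
net.inet.ip.forwarding: 1
net.link.ether.bridge_cfg: fxp0:1,fxp1:1,
net.link.ether.bridge: 1
net.link.ether.bridge_ipfw: 1
"""

def parse_sysctls(text):
    """'key: value' lines -> dict (split on the first colon only)."""
    return dict((k.strip(), v.strip()) for k, _, v in
                (l.partition(":") for l in text.splitlines() if l.strip()))

def bridge_clusters(cfg):
    """'fxp0:1,fxp1:1,' -> {'fxp0': 1, 'fxp1': 1}: interface -> bridge cluster id."""
    return {i.partition(":")[0]: int(i.partition(":")[2]) for i in cfg.split(",") if i}

def parse_routes(text):
    """netstat -rn style table -> {destination: (gateway, netif)}; header line skipped."""
    rows = (line.split() for line in text.splitlines()[1:])
    return {c[0]: (c[1], c[5]) for c in rows if len(c) >= 6}

def check_bridged_firewall(routes, sysctls):
    """List what would break the thread's layout; an empty list means it holds."""
    problems = []
    if sysctls.get("net.inet.ip.forwarding") != "1":
        problems.append("net.inet.ip.forwarding is 0: the firewall will not route")
    bridging = sysctls.get("net.link.ether.bridge") == "1"
    clusters = bridge_clusters(sysctls.get("net.link.ether.bridge_cfg", ""))
    gw, gw_if = routes.get("default", (None, None))
    for dst, (_, netif) in routes.items():
        if "/" not in dst or gw is None:
            continue  # only connected subnets matter here
        net = ipaddress.ip_network(dst, strict=False)
        # The thread's case: the default gateway sits inside a subnet routed via the
        # *other* interface. Only a bridge joining both interfaces makes that consistent.
        bridged = bridging and netif in clusters and clusters[netif] == clusters.get(gw_if)
        if ipaddress.ip_address(gw) in net and netif != gw_if and not bridged:
            problems.append(f"{gw} is in {dst} (via {netif}) but the default route uses "
                            f"{gw_if}; bridge them or fall back to host routes")
    if bridging and sysctls.get("net.link.ether.bridge_ipfw") != "1":
        problems.append("net.link.ether.bridge_ipfw is 0: ipfw will not see bridged frames")
    return problems
```

Run against the posted values it reports nothing; flip net.link.ether.bridge to 0 and it names the fxp0/fxp1 split that Thierry's reply warned about.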