On Mon, Mar 31, 2025 at 05:58:18PM +0000, otto.cooper wrote:
>
> On Monday, March 31st, 2025 at 5:21 PM, Zé Loff <zel...@zeloff.org> wrote:
>
> > Any particular reason for having two different interfaces on the same
> > subnet, with the same priority? Can you communicate with machines
> > connected to the LAN switch with this setup?
>
> The gateway is on 192.168.1.1, the LAN is on 192.168.0/24. It is just the way
> it is.
Try this, from the console of your firewall box:

1) ifconfig both interfaces down.

2) for the interface directly connected to the gateway, configure it for dhcp (aka inet autoconf up)

If the gateway runs a DHCP service for the 192.168.1/24 network or a subset of that, the directly connected interface on your box will receive an IP address in the correct network. With a bit of luck, you might even get name resolution in place.

If DHCP is not available and it's only the gateway and your box on that subnet, choose any unused address within the range that fits the mask and go from there.

In either case, you should be able to contact the 192.168.1.1 interface (ping 192.168.1.1 comes to mind) and the now configured interface will have a default route and be a member of the egress group.

3) at this point you can introduce packet filtering if you so desire

4) for the hosts in the 192.168.0/24 subnet to be able to communicate via your box, you need to both ifconfig up the interface attached to the switch that hosts the 192.168.0/24 network *and* enable inet forwarding.

The rest should be straightforward. Since all addresses you have quoted are RFC1918 non-routables, it is possible that the gateway takes care of the NATing and you don't need to bother with that part. But I would check to make sure that it does.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
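As an added illustration of the four steps in Peter's reply (this is not part of his message or of the original poster's configuration), the same setup written as the persistent OpenBSD configuration files. The interface names em0 (cabled to the gateway) and em1 (cabled to the LAN switch), and the inside address 192.168.0.1, are assumptions; substitute what ifconfig shows on the box.

```conf
# /etc/hostname.em0 -- interface cabled to the gateway at 192.168.1.1
# (em0 is an assumed name; check ifconfig for the real one)
# Step 2: take an address from the gateway's DHCP service. dhcpleased(8)
# installs the lease and the default route, which makes em0 a member of
# the "egress" group; resolvd(8) writes the offered nameserver to
# /etc/resolv.conf, which is where name resolution comes from.
inet autoconf
# If the gateway offers no DHCP, use a static address in the same /24 instead:
# inet 192.168.1.2/24
# and put the default route in /etc/mygate:
# 192.168.1.1

# /etc/hostname.em1 -- interface cabled to the switch for 192.168.0/24
# Step 4, first half: bring the inside interface up with an address in the
# LAN subnet (192.168.0.1 is assumed).
inet 192.168.0.1/24

# /etc/sysctl.conf
# Step 4, second half: enable IPv4 forwarding between the two interfaces.
net.inet.ip.forwarding=1

# /etc/pf.conf
# Step 3: minimal filtering. "egress" is an interface group, so the rules
# keep working if the outside interface is renamed or replaced.
set skip on lo
block return
pass out on egress
pass in on em1 from 192.168.0.0/24
# Only needed if the gateway does NOT already NAT and route 192.168.0/24:
# translate LAN traffic to em0's address as it leaves.
# match out on egress inet from 192.168.0.0/24 to any nat-to (egress:0)

# Apply without a reboot (as root), then run Peter's checks:
#   sh /etc/netstart em0 em1
#   sysctl net.inet.ip.forwarding=1
#   pfctl -f /etc/pf.conf && pfctl -e
#   ping 192.168.1.1; route -n show -inet; ifconfig egress
```

Peter's closing caveat is the part worth verifying before declaring victory. Run `tcpdump -ni em0` on the router while a host on 192.168.0/24 pings an address beyond the gateway: if packets sourced from 192.168.0.x leave em0 and replies come back, the gateway both NATs them and knows the way back to 192.168.0/24. If nothing comes back, the gateway has no route to the LAN subnet behind your box; uncommenting the `nat-to (egress:0)` line makes the LAN traffic appear to come from the 192.168.1.x address the gateway already knows, which is the safe default when you do not control the gateway.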