From: "Roger 'Rocky' Vetterberg"
Date: Thu, 07 Aug 2003 11:15:14 +0200
To: Andre Rein
cc: freebsd-net@freebsd.org
Subject: Re: Firewall with RFC1918 transfer network

Andre Rein wrote:

>Hi,
>
>I set up a Firewall for our official Network and use a RFC1918 conform
>transfer network to communicate to the router.
>
>Here are my interfaces:
>
>fxp0: flags=8843 mtu 1500
>        inet 192.168.55.74 netmask 0xfffffffc broadcast 192.168.55.75
>fxp1: flags=8943 mtu 1500
>        inet 195.226.65.125 netmask 0xffffffc0 broadcast 195.226.65.127
>vr0: flags=8843 mtu 1500
>        inet 10.0.0.126 netmask 0xffffff00 broadcast 10.0.0.255
>
>My routing table:
>
>default            192.168.55.73      UGSc        1   822551   fxp0
>10/24              link#3             UC          2        0    vr0
>10.0.0.65          00:50:ba:fb:dc:13  UHLW        1    42895    vr0    473
>10.0.0.254         00:60:b0:6b:08:f3  UHLW        1     1428    vr0    694
>127.0.0.1          127.0.0.1          UH          0     2904    lo0
>192.168.55.72/30   link#1             UC          3        0   fxp0
>192.168.55.73      00:0c:ce:6c:de:53  UHLW        1        0   fxp0   1023
>192.168.55.74      00:60:b0:67:e8:01  UHLW        0        2    lo0
>192.168.55.75      ff:ff:ff:ff:ff:ff  UHLWb       0        4   fxp0
>195.226.65.64      ff:ff:ff:ff:ff:ff  UHLWb       0       53   fxp1 =>
>195.226.65.64/26   link#2             UC         19        0   fxp1
>195.226.65.65      00:60:97:b8:7f:89  UHLW        0    48419   fxp1   1098
>195.226.65.66      00:60:97:b8:7f:89  UHLW        0      133   fxp1    160
>195.226.65.67      00:60:97:b8:7f:89  UHLW        0        6   fxp1    161
>....
>
>          fxp1            fxp0
>|DMZ|--------|Firewall|-------------|Router|-----------|INET|
>                 |
>                 |
>                 | vr0
>                 |
>                 |
>                 -
>            back network
>                 _
>
>
>Everything works fine from my official network to the outside and from the
>outside to my onet, except the firewall itself. She uses the ip
>192.168.55.74 to communicate to the outside.
>
>Is there any way to tell her that she has to use her oip 195.226.65.125
>from fxp1?
>
>greetings
>
>Andre Rein
>
>
>

Set your default route to something that is not in the 192.168.x.x range.
The system automatically uses the interface from which it can reach the
default gateway as its "primary" interface.

--
R
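
Added example, not part of the original message and not FreeBSD code: a simplified Python model of the behaviour described in the reply, where an unbound local socket takes the address of the interface its route leaves through. The interface addresses and network routes are the ones posted above; HYPOTHETICAL_ROUTES (default route leaving via fxp1) and the destination 198.51.100.10 are assumptions constructed for the illustration.

```python
import ipaddress

# Interface addresses as listed in the original post.
INTERFACES = {
    "fxp0": ipaddress.ip_interface("192.168.55.74/30"),
    "fxp1": ipaddress.ip_interface("195.226.65.125/26"),
    "vr0": ipaddress.ip_interface("10.0.0.126/24"),
}

# Network routes from the post, reduced to (destination, egress interface).
POSTED_ROUTES = [
    ("0.0.0.0/0", "fxp0"),          # default via 192.168.55.73
    ("10.0.0.0/24", "vr0"),
    ("192.168.55.72/30", "fxp0"),
    ("195.226.65.64/26", "fxp1"),
]

# Hypothetical table (assumption, not from the post): default route leaves via fxp1.
HYPOTHETICAL_ROUTES = [("0.0.0.0/0", "fxp1")] + POSTED_ROUTES[1:]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def egress_interface(dst, routes):
    """Longest-prefix match over the routing table; returns the interface name."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), ifname) for net, ifname in routes
               if dst in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def default_source(dst, routes=POSTED_ROUTES):
    """Source address an unbound local socket gets: the egress interface's address."""
    ifname = egress_interface(dst, routes)
    return ifname, INTERFACES[ifname].ip


def has_rfc1918_source(dst, routes=POSTED_ROUTES):
    """True when locally originated traffic to dst would carry a private source."""
    _, src = default_source(dst, routes)
    return any(src in net for net in RFC1918)


if __name__ == "__main__":
    # 198.51.100.10 is a constructed destination (documentation range).
    for name, table in (("posted", POSTED_ROUTES), ("hypothetical", HYPOTHETICAL_ROUTES)):
        print(name, default_source("198.51.100.10", table),
              has_rfc1918_source("198.51.100.10", table))
```

The model covers only traffic originated by the firewall itself; forwarded packets keep the source address of the host that sent them, which is why the DMZ hosts in the post are unaffected.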