Date: Sat, 8 Sep 2001 22:59:02 -0500 From: "gLaNDix" <glandix@lloydix.2y.net> To: <freebsd-questions@freebsd.org> Subject: Re: Problems about routing Message-ID: <006401c138e3$c4256040$0200a8c0@2y.net> References: <5.0.2.1.0.20010909133946.00ae3b90@localhost> <005101c138e3$95199d20$0200a8c0@2y.net>
next in thread | previous in thread | raw e-mail | index | archive | help
crap... sorry about the multiple posts... my mail client is acting screwy today ------------------------- Jesse (gLaNDix) Kaufman glandix@lloydix.2y.net http://lloydix.2y.net ------------------------- <<< FreeBSD lloydix.2y.net FreeBSD 4.3-RELEASE #1: Tue Aug 14 02:48:31 CDT 2001 glandix@lloydix.2y.net:/usr/src/sys/compile/LLOYDIX i386 >>> ----- Original Message ----- From: "gLaNDix" <glandix@lloydix.2y.net> To: <freebsd-questions@FreeBSD.ORG> Sent: Saturday, September 08, 2001 10:57 PM Subject: Re: Problems about routing > Is there a good example of a "normal" (somewhat lenient) set of rules for > IPFW? I've messed around with 'firewall_type="OPEN"', and > 'firewall_type="SIMPLE"', but there are some other things I'd like to add > to them... I guess I could just add them into the /etc/rc.firewall file, > but is that a good way to alter your firewall rules or is there a better > way? > > ------------------------- > Jesse (gLaNDix) Kaufman > glandix@lloydix.2y.net > http://lloydix.2y.net > ------------------------- > > <<< FreeBSD lloydix.2y.net FreeBSD 4.3-RELEASE #1: Tue Aug 14 02:48:31 CDT > 2001 glandix@lloydix.2y.net:/usr/src/sys/compile/LLOYDIX i386 >>> > > ----- Original Message ----- > From: "Robert Moss" <rmoss@bigpond.net.au> > To: "Wing Tim" <twchim1@hotmail.com>; <freebsd-questions@FreeBSD.ORG> > Sent: Saturday, September 08, 2001 10:44 PM > Subject: Re: Problems about routing > > > > Two problems here: you are firewalling, and routing incorrectly. > > > > 1) When you are testing, take off the firewall. Only when you know for > > certain your setup is working correctly should you start playing with > > firewall rules. > > > > 2) Your routing wont work, your doing it the wrong way. > > You can't (easily) have the same network across two interfaces. > > I suggest you change machine1 to have a different ip RANGE, so instead > of > > 192.168.0.1 have it 192.168.1.1 > > Also you will need to change the interface on Machine2 so it is on the > same > > network. > > > > If you are unsure as to why you need to do this, i suggest you read up > on > > some TCP/IP books. > > > > rob. > > > > At 01:04 AM 9/09/2001 +0800, Wing Tim wrote: > > >Hello, > > > > > >I have 3 machines. Machine 1 has 1 Ethernet card E1 with IP 192.168.0.1 > > >and is running Windows 2000 Server. Machine 2 has 2 Ethernet cards E2 > with > > >IP 192.168.0.2 and E3 with IP 192.168.0.3 and is running FreeBSD 4.2 > > >Release. Machine 3 has 1 Ethernet card E4 with IP 192.168.0.4. I really > > >want to use the FreeBSD machine to control the data flow between > Machine 1 > > >and Machine 3 and so I have set up a firewall gateway in it. I have > added > > >the following into the kernel configuration file GENERIC: > > > > > >options IPFIREWALL > > >options IPFIREWALL_VERBOSE > > >options IPFIREWALL_DEFAULT_TO_ACCEPT > > >options IPFIREWALL_VERBOSE_LIMIT = 200 > > >options IPDIVERT > > > > > >options DUMMYNET > > >options BRIDGE > > > > > >Then recompile everything and add the following into rc.conf: > > >gateway_enable=YES > > >firewall_enable="YES" > > >firewall_type="open" > > >firewall_quite="NO" > > > > > >sysctl -w net.link.ether.bridge=1 > > > > > >After that, I found Machine 1 can ping E2 and E3 but not E4. Also > Machine > > >2 can ping E1 and E4. Upon running "ifconfig -a", I found E2 belongs to > > >xl0 and E3 belongs to vx0. However, when running "netstat -r", I > totally > > >can't find the entry of vx0 just like those for xl0. Can anyone tell me > > >what mistake I have made? What should I change so that Machine 1 can > ping > > >Machine 3? > > > > > >Thanks very much for all your help! > > > > > >Regards, > > >Wing > > > > > > > > > > > >_________________________________________________________________ > > >Get your FREE download of MSN Explorer at > http://explorer.msn.com/intl.asp > > > > > > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org > > >with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006401c138e3$c4256040$0200a8c0>