Date:      Mon, 16 Jul 2001 11:13:43 -0400
From:      khayman <khayman@carolina.rr.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: routing not working
Message-ID:  <3B5304A7.547F228F@carolina.rr.com>
References:  <3B524DD6.9B622A0E@carolina.rr.com> <20010716085537.A16836@pelennor.net>

There is a private address on the external interface because at present
it sits behind a Linksys fw/router, which gets its external DHCP IP from
my cable ISP and passes out DHCP to clients on its internal interface.

Once I have the fbsd fw configured properly, I will modify the ipf.rules
to allow the DHCP server at the ISP to pass traffic to it.  Currently
the rules allow only the Linksys to give it DHCP.

I do know that both internal and external interfaces on the fBSD box are
alive because a tcpdump on each shows arp traffic and shows echo
requests when I ping the interfaces from other machines on each segment.

I am running NAT on the fw.  But before I can figure out if that works,
I need to be able to talk IP.  At present, I can't even ping machines on
the local segments...  10.10.10.x and 192.168.1.x respectively.

Any more suggestions?

Thanks for the time and help.

Bill

Jeff Sapp wrote:
> 
> > My routing table looks like this:
> >
> > Destination   Gateway       flags   refs   use   Netif   Expire
> > default       192.168.1.1   UGSc    0      3     de0
> > 10.10.10/24   link#1        UC      1      0     dc0 =>
> > localhost     localhost     UH      0      0     lo0
> > 192.168.1     link#2        UC      3      0     de0 =>
> >
> > I have a Linksys 4 port router/firewall outside the 192.x interface
> > which in turn connects to a cable modem.  The goal is to get rid of the
> > linksys and have the cbl modem come directly into the BSD firewall.
> 
> Do you get public (and static) IPs from your ISP or is there a reason
> you are using private network addresses on your external interface?
> 
> If you only get one IP from your ISP, you'll have to run NAT on your firewall.
> 
> > My rc.conf file looks like this:
> >
> > gateway_enable="YES"
> > network_interfaces="de0 dc0 lo0"
> > ifconfig_de0="DHCP"
> > ifconfig_dc0="inet 10.10.10.1 netmask 255.255.255.0"
> > .
> > .
> > ipfilter_enable="YES"
> > ipnat_enable="YES"
> 
> That all looks ok.
> 
> > Any suggestions on where to look to see what I've screwed up?
> > PS:  If and when I get this working properly, does anyone know if I'll
> > be able to pass a CheckPoint SecuRemote client thru the firewall?
> 
> Sure. It shouldn't be too hard to figure out what changes you need to make
> to your ipf.rules file. Flush your rules, run tcpdump, then the application,
> look at the tcpdump output and change your rules accordingly.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
