From: Ian Smith
Date: Wed, 12 Dec 2007 16:26:16 +1100 (EST)
To: Alaor Barroso de Carvalho Neto
Cc: Jonathan Horne, Eric Crist, freebsd-questions@freebsd.org, Trix Farrar
Subject: Re: Connecting networks
In-Reply-To: <20071211221929.059AD16A4CA@hub.freebsd.org>

Re-copying the various contributors ..

On Tue, 11 Dec 2007 20:00:56 -0200 "Alaor Barroso de Carvalho Neto" wrote:

> 2007/12/11, Jonathan Horne freebsd@dfwlp.com:
>
> > out of curiosity, are you pinging from the 4-interfaced-connected BSD
> > box, or some other workstation that is trying to use the BSD box as its
> > gateway?
>
> From a workstation that is trying to use BSD box as its gateway and have the
> ip of the BSD box as its default gateway in network settings. My BSD box
> can ping to everywhere.
>
> 2007/12/11, Erik Norgaard
>
> > Could you post your configuration, rc.conf, just the entries related to
> > network interfaces and routing?
> >
> > The BSD box should automatically route any packets between immediately
> > connected networks without adding any static routes. Do you have any
> > firewalling enabled?
> >
> > Cheers, Erik
>
> I'm not in my work anymore but I'll try to remember it as it is:
>
> defaultroute="192.168.1.80"

Should be 'defaultrouter', but then it's a route to an apparent local router, whereas your em0 appears to be your public internet connection?

> hostname="tiger.administrativo.unedmacae.cefetcampos.br"
> gateway_enable="YES"
> ifconfig_em0="inet XXX.XXX.XXX.XXX netmask 255.255.255.227"

Hopefully you've just mis-remembered that netmask: it's non-contiguous. .224 perhaps?

> ifconfig_xl0="inet 192.168.1.244 netmask 255.255.255.0"
> ifconfig_xl1="inet 192.168.2.90 netmask 255.255.255.0"
> ifconfig_xl2="inet 10.10.0.50 netmask 255.255.0.0"
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pf_flags=""
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""

Let's assume you've disabled your firewall to take that out of the equation till you get the routing happening as desired ..

> The rest is just all the default from the installation.
>
> 2007/12/11, Eric Crist
>
> > Add
> >
> > gateway_enable="YES" to /etc/rc.conf.
> >
> > Make sure your other systems use the freebsd box in question as their
> > default route.

I suspect this may be (one of?) your problem(s); more below.

> > make sure your firewall, if you have one, is passing the traffic
> > between the two networks.
> >
> > Use pf or some other means to nat outbound traffic.
> >
> > HTH

Let's also assume you're not (on this box) trying to NAT one or more of these multiple private networks to public IP address(es) ..

> I already have this line in my rc.conf.
>
> 2007/12/11, Trix Farrar :
>
> > It sounds like your BSD server is configured correctly.
> > You may, however, need to tell the other devices on your different
> > networks how to find their way.
> >
> > Given that you have networks A, B and C that are each connected to
> > each other by your BSD server, F, the hosts on network A have to know
> > how to find network B and network C. If the three networks already
> > have routers the hosts use as a default gateway, then those routers
> > will need to have routes added to find your other networks; the
> > network A router needs to have routes to networks B and C that point
> > to your BSD server and so on.
>
> How do I do that?

I think this is at the core of your issue.

Let's assume that a box on xl1, say 192.168.2.100, wants to talk with a box on xl2, say 10.10.0.100

192.168.2.100 needs either your box (192.168.2.90) as its default route, or it needs to have added a specific route for 10.10 via your box.

Similarly, 10.10.0.100 needs either your box (10.10.0.50) as its default route, or it needs to have added a specific route for 192.168.2 via you.

Unless both of these conditions are true, packets will not get (or get back) to where they're supposed to go, even if your box setup is all ok.

> Thankz guyz for your attention with me! I'm going to have nightmares with
> this trouble.

Sounds like you need a very good diagram of your boxes and networks and interfaces so you can easily trace all the paths (and thus the necessary routes) between the various subnets you're wanting to interconnect.

You also need to look carefully at which boxes/nets have routes to the internet, via wherever (and at what point their addresses are NAT'd to and from which public addresses), so you can hope to resolve the vast potential for routing loops and/or blackholed connections that such a setup offers :)

Later on, your firewall may be able to help with this by at least preventing disallowed connections, but the above needs to work first.

cheers, Ian
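
The two checks this reply turns on, netmask contiguity and a return route on each end host, written out as an added example that is not part of Ian Smith's message. The function names are this example's own; the addresses and masks are the ones quoted in the thread, and the printed command assumes FreeBSD's `route add -net NET/PREFIX GATEWAY` form.

```shell
#!/bin/sh
# Added example: checks for the addressing and routing points raised in the reply.

# ip_to_int A.B.C.D -> 32-bit integer; non-zero status on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() { echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"; }

# mask_prefix MASK -> prefix length; non-zero status if MASK is non-contiguous.
mask_prefix() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( ~m & 0xFFFFFFFF ))
    # A contiguous mask inverted is 2^k - 1, so inv & (inv + 1) must be 0.
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    bits=32
    while [ "$inv" -gt 0 ]; do inv=$(( inv >> 1 )); bits=$(( bits - 1 )); done
    echo "$bits"
}

# on_link ADDR MASK HOST -> success if HOST shares ADDR's subnet under MASK.
on_link() {
    a=$(ip_to_int "$1") && k=$(ip_to_int "$2") && h=$(ip_to_int "$3") || return 1
    [ $(( a & k )) -eq $(( h & k )) ]
}

# route_hint SRC SRC_MASK GW DST DST_MASK -> "direct", or the static route SRC
# needs so that traffic for DST's network goes via GW.
route_hint() {
    if on_link "$1" "$2" "$4"; then echo "direct"; return 0; fi
    on_link "$1" "$2" "$3" || { echo "gateway $3 is not on-link"; return 1; }
    p=$(mask_prefix "$5") || { echo "bad netmask $5"; return 1; }
    n=$(( $(ip_to_int "$4") & $(ip_to_int "$5") ))
    echo "route add -net $(int_to_ip "$n")/$p $3"
}

# Values from the thread: the remembered em0 mask, then both directions of the
# xl1 <-> xl2 path, since the reply packets need a route back as well.
mask_prefix 255.255.255.227 >/dev/null || echo "255.255.255.227: non-contiguous netmask"
route_hint 192.168.2.100 255.255.255.0 192.168.2.90 10.10.0.100 255.255.0.0
route_hint 10.10.0.100 255.255.0.0 10.10.0.50 192.168.2.100 255.255.255.0
```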