From: "Mark B. Withers" <mwithers@one.net>
To: Robert Hough <rch@solveinteractive.com>
Cc: freebsd-questions <freebsd-questions@FreeBSD.ORG>
Subject: Internal gateway/firewall
Message-ID: <20010204104309.E21863@arrakis.desert-power.org>
In-Reply-To: <20010203184226.B51545@solveinteractive.com>; from rch@solveinteractive.com on Sat, Feb 03, 2001 at 06:42:05PM -0500
References: <20010203160206.B21863@arrakis.desert-power.org> <20010203161125.D21863@arrakis.desert-power.org> <20010203184226.B51545@solveinteractive.com>

Robert,

Thanks for your reply. I did some experimenting last night with the two interfaces (had them both plugged into a hub) and found that indeed each interface responds independently when called upon by its ip address. This is good news.

I am attempting to configure my FreeBSD box as a firewall/gateway. I have 2 ISA 3-com 509 nics. The first device ep0 is connected to my DSL "router/modem" and I want my second interface (ep1) to be connected to my internal lan which consists of one Win95 machine and the FreeBSD machine ("Foobar").

Here is an equivalent scheme of what it looks like (ips have been altered to protect the innocent as well):

Also note, ep0 is configured through DHCP

    DSL router/modem = 10.255.23.161
    ep0              = 10.255.23.164
    netmask          = 255.255.255.248
    broadcast        = 10.255.23.167
    windows machine  = 10.255.23.162 (same netmask and broadcast as ep0)

Proposed ip scheme for ep1:

    ep1 = 192.0.0.1
    subnetmask 255.255.255.248 (thought there was no need for more than 8)
    broadcast 192.0.0.7

Whenever I configure and bring ep1 up, I receive the following error message (ip's changed to match above example):

The bottom line of these posted error messages is that I don't yet know how to manually configure my routing table nor do I currently know how to configure /etc/rc.conf for this yet. I need to recompile the kernel first. Any information you can provide as far as routing goes to the diagram at the bottom (Network Diagram) would be helpful. I just included this information for reference in case it is needed.

Feb 3 19:00:51 foobar /kernel: arp: 10.255.23.161 is on ep0 but got reply from ** mac address of dsl router/modem ** on ep1
** ip address belongs to the router/modem and the mac address also, but the system somehow ties or links it to device ep0 and states that the reply is from ep1 **

Feb 3 19:05:21 foobar /kernel: arp: 10.255.23.162 is on ep0 but got reply from ** mac address from windows machine ** on ep1
** ip address belongs to windows machine. somehow links to ep0 and gets reply from (mac address of windows machine) on ep1. **

Feb 3 19:05:21 foobar /kernel: arp: 10.255.23.161 is on ep0 but got reply from ** mac address of dsl router/modem ** on ep1
** IP address is from windows machine on ep0, but got reply from mac address of windows machine on ep1 **

Feb 3 19:09:23 foobar /kernel: arp: 10.255.23.164 is on lo0 but got reply from ** mac address for ep0 ** on ep1
** here we have the ip address for ep0 along with the mac address for ep0, but the kernel called it "ep1" at the end of the line ?? **

Feb 3 19:09:23 foobar /kernel: arp: 10.255.23.161 is on ep0 but got reply from ** mac address of dsl router/modem ?? ** on ep1
** here we have the ip address of the dsl router/modem saying it's on ep0 but received a reply from the mac address of the dsl router/modem. **

Here is the output of ipconfig -a on my system:

lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
ep0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.255.23.164 netmask 0xfffffff8 broadcast 10.255.23.167
        ether ** mac address of ep0 **
        media: 10baseT/UTP
        supported media: 10baseT/UTP
ep1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.0.1 netmask 0xfffffff8 broadcast 192.0.0.7
        ether ** mac address of ep1 **
        media: 10baseT/UTP
        supported media: 10base2/BNC 10baseT/UTP

Here is the output from netstat:

Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.255.23.161      UGSc      ep0
10.255.23.160/29   link#2             UC        ep0 =>
10.255.23.161      *router mac addr*  UHLW      ep0   1198
10.255.23.164      *mac of ep0*       UHLW      lo0
127.0.0.1          127.0.0.1          UH        lo0

** I omitted ipv6 info here. **

That's about all the info I can give. I've saved this information as a reference so that I can further analyse it. Everything's not hooked up correctly right now so I am not surprised that it's behaving strangely.

I wish to have the following format:

(Network Diagram)

    DSL router/Modem
           |
          ep0
           |
         Foobar --> FreeBSD machine w/2 ISA nics
           |
          ep1   --> Would bridging be necessary to separate this?
           |
          Hub
           |
    Windows machine

I'll probably have to reset the ip address configuration/routing information on the windows box after I figure out my new kernel configuration. Recompiling the kernel is necessary for this.

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
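
Added example, not part of the original message: a Python sketch that parses kernel ARP messages in the format quoted above and lists each host whose reply arrived on a different interface than the one the kernel expected, the symptom of both gateway NICs sharing one hub, where hosts can reach each other without passing through the firewall. The interface addresses are the ones given in the message; the MAC addresses and the fourth log line are constructed placeholders, since the post redacted the real values.

```python
import ipaddress
import re
from collections import defaultdict

# Interface addressing as given in the message (assumed static for this check).
INTERFACES = {
    "ep0": ipaddress.ip_interface("10.255.23.164/29"),
    "ep1": ipaddress.ip_interface("192.0.0.1/29"),
}

# Constructed sample in the message's log format; MACs are placeholders.
SAMPLE_LOG = """\
Feb  3 19:00:51 foobar /kernel: arp: 10.255.23.161 is on ep0 but got reply from 00:00:5e:00:53:01 on ep1
Feb  3 19:05:21 foobar /kernel: arp: 10.255.23.162 is on ep0 but got reply from 00:00:5e:00:53:02 on ep1
Feb  3 19:09:23 foobar /kernel: arp: 10.255.23.164 is on lo0 but got reply from 00:00:5e:00:53:03 on ep1
Feb  3 19:10:02 foobar /kernel: ep1: link state changed
"""

ARP_RE = re.compile(
    r"arp: (?P<ip>\d+(?:\.\d+){3}) is on (?P<expected>\w+) "
    r"but got reply from (?P<mac>[0-9a-fA-F:]{11,17}) on (?P<seen>\w+)"
)

def shared_segments(log_text):
    """Map (expected_if, seen_if) -> set of IPs whose ARP replies crossed over."""
    pairs = defaultdict(set)
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if m and m["expected"] != m["seen"]:
            pairs[(m["expected"], m["seen"])].add(m["ip"])
    return dict(pairs)

def owning_interface(ip):
    """Return the interface whose configured subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name
    return None

def report(log_text):
    """One finding per crossed reply: (ip, subnet owner, arrival interface)."""
    findings = []
    for (_expected, seen), ips in sorted(shared_segments(log_text).items()):
        for ip in sorted(ips, key=ipaddress.ip_address):
            findings.append((ip, owning_interface(ip), seen))
    return findings

if __name__ == "__main__":
    for ip, owner, seen in report(SAMPLE_LOG):
        print(f"{ip}: subnet belongs to {owner}, ARP reply arrived on {seen}")
```

Any finding where the subnet owner and the arrival interface differ means the two interfaces sit on one layer-2 segment; an empty result after recabling confirms the inside and outside networks are physically separated.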