Date:      Thu,  9 Feb 95 20:10:11 IST
From:      "Ugen J.S.Antsilevich" <ugen@netvision.net.il>
To:        Matt Richards <richards@vinny.cecer.army.mil>
Cc:        questions@FreeBSD.org
Subject:   RE: Firewall help 
Message-ID:  <Chameleon.950209205452.ugen@ugen.NetManage.co.il>

Ok..so let's count this mail as my first try to write IP FAQ:)
>
>How do I choose which interface to use when I traceroute thru to something.
>Traceroute doesn't have a -I for interface that I can find.
Yes..but if both interfaces are on different networks traceroute will go 
through appropriate one to this network..see below...
>
>How do I add manually static routes?
route add xxx.xxx.xxx.0 yyy.yyy.yyy.yyy (this one for network)
route add xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

>Do I need a gateways file in /etc? I tried to make one and it did nothing that
>I could tell.  I tried several configurations finally ending with the following
>not doing anything visible:
Hmm..never do I..I think this is just a leftover of old days, or maybe
some routed uses it..dunno..:) We used gated here but as a matter of fact
-current internal routing algorithms are pretty good for simple networks like
ours...
>
>hostname.ed0 reads:
>129.229.40.151 netmask 0xffffff00
>hostname.ed1 reads:
>129.229.40.152 netmask 0xffffff00
Oops....to have routing between two physically independent networks you need
either to have ed0 and ed1 on different IP networks like:
129.229.40.151 and 129.229.41.151 
or have them on different subnets of the same network like:
129.229.40.150 and 129.229.40.50 with netmask 0xfffffff0
>
>Both ed0 and ed1 ifconfig at bootup.
>
----------------NOW IP FAQ------------------------------
Let's suppose you want to use a FB box as a simple router. What do you need for that?

You need two physically different networks like ethernets, a FB box,
two ethernet cards and a head...

Now the physical configuration looks like this:


                         [The *INTERNET*]
                                 |
                                 |
----[ Computer A]-------------[Some messy router R]---------- <--Network 1
                      |
                      |
                     ed0 interface
                  [FB box here]
                     ed1 interface
                      |
                      |
               -------------------------[Computer B]--- <--Network 2

What do you want: you want to have Computer A reach computer B 
and B reach A and even Internet.

To do so you should have different addresses for network 1 and 2.
Let's take the simplest case: two class C networks.
A class C network is a network which looks like: xxx.xxx.xxx.number
where number is from 0 to 255.
For example network 1 is 194.90.1.x and 2 is 194.90.2.x 
Then Computer A - 194.90.1.5
     Computer B - 194.90.2.10 for example.
You need to have then for FB box
ed0 - 194.90.1.1 (to be on same network as Computer A)
ed1 - 194.90.2.1 (as Computer B)

If you do all this you should be able without any special setup
to ping comp. A and comp. B from FB. You should also be able to ping FB
from each one of them. If this does not work - you've got some really strange
problem but in the general case it would be ok.

Now..how to get to comp. A from comp. B. We do all routing settings by
hand for now..later we'll see...

You should 
1) Say to comp. B that its route to all outside world goes
   through FB.
route add default 194.90.2.1 (in comp. B)

1a) To verify this working try 
ping 194.90.1.1 (ed0 address of FB box) from B. If this works
                 proceed...if not panic("oops");

2) Say to comp. A that its route to network 194.90.2. goes via FB.
route add 194.90.2 194.90.1.1 (in comp. A)

2a) Verify this also..
ping 194.90.2.1 (ed1 address of FB box) from A. It should work
                 else I dunno...
 

Then try to ping B from A and A from B.Both should work.
ping 194.90.1.5 (from B)
ping 194.90.2.10 (from A)

If they do not, check if the GATEWAY option is enabled in FB. If it is
and still no ping goes, this FAQ does not hold again..:)))

Now if ping works (and even telnet) we are almost up.
We want only that every computer on net 1 (not only A)
would reach B and Co. and every computer on net 2 would 
reach net 1 and all the world.

For a very dummy case (for example both networks are full of
Windoze WinSucks) you just set the default route for all those
comp's to the IP address of router R (for inst. 194.90.1.254) on
network 1.
You set up default route for all comp's on net 2 to 
194.90.2.1
Now you should only teach router R how to get to net 2.
This depends,on cisco or some unix box you 
add 194.90.2. 194.90.1.1 or stuff like that.

From now on you have the simplest combination working. Our company,
which is an internet provider btw, internally lives with static routes only
and, geez, it's not bad...No routed's involved.
All smart decisions can be done then in router R.

If this will help i am happy,if not..Try to draw your
network layout and i'll look at it:) I can do better doc's..
(well..now it is 22:00 and i am partially asleep)



-- 
-=Ugen J.S.Antsilevich=-
NetVision - Israeli Commercial Internet          |  Learning 
E-mail: ugen@NetVision.net.il                    | To Fly. [c]
Phone : +972-4-550330                            |   
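
Added example (not part of the original e-mail): a Python check that parses hostname.edN lines in the form quoted above, reports interfaces whose connected networks overlap, and tests whether a static route's gateway is on a directly connected network. The function names are hypothetical, and the 0xffffff00 mask for Computer A is an assumption taken from the class C setup in the FAQ.

```python
import ipaddress


def parse_hostname_line(line):
    """Parse a line like '129.229.40.151 netmask 0xffffff00' into an interface."""
    fields = line.split()
    addr = ipaddress.IPv4Address(fields[0])
    # The netmask is written as a hex number; convert it to dotted form.
    mask = ipaddress.IPv4Address(int(fields[fields.index("netmask") + 1], 16))
    return ipaddress.IPv4Interface(f"{addr}/{mask}")


def overlapping_interfaces(configs):
    """Return sorted pairs of interface names whose connected networks overlap.

    A box cannot route between two cards that claim the same network.
    """
    ifaces = {name: parse_hostname_line(line) for name, line in configs.items()}
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]


def gateway_on_link(host_iface, gateway):
    """A static route is usable only if its gateway is directly reachable."""
    return ipaddress.IPv4Address(gateway) in host_iface.network


# Configuration from the question: both cards on 129.229.40.0/24.
ASKED = {"ed0": "129.229.40.151 netmask 0xffffff00",
         "ed1": "129.229.40.152 netmask 0xffffff00"}
# The two alternatives suggested in the reply.
DIFFERENT_NETS = {"ed0": "129.229.40.151 netmask 0xffffff00",
                  "ed1": "129.229.41.151 netmask 0xffffff00"}
SUBNETTED = {"ed0": "129.229.40.150 netmask 0xfffffff0",
             "ed1": "129.229.40.50 netmask 0xfffffff0"}
# Computer A from the FAQ; the mask is an assumption (class C).
COMPUTER_A = parse_hostname_line("194.90.1.5 netmask 0xffffff00")

if __name__ == "__main__":
    for label, cfg in (("asked", ASKED), ("different nets", DIFFERENT_NETS),
                       ("subnetted", SUBNETTED)):
        print(label, "overlaps:", overlapping_interfaces(cfg))
    for gw in ("194.90.1.1", "194.90.2.1"):
        print("gateway", gw, "on-link for A:", gateway_on_link(COMPUTER_A, gw))
```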




