Date: Thu, 1 Aug 2002 23:10:35 +0000
From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Subject: Re: "ipfw fwd" not working without static route?
Message-ID: <20020801231035.B31318@rfc-networks.ie>
In-Reply-To: ; from mailing@novaconnect.net on Thu, Aug 01, 2002 at 11:33:52AM -0400
X-Operating-System: FreeBSD 4.6-RC

Matt Abraham 21 lines of wisdom included:
> I'm trying to forward all packets from a privately addressed
> machine (172.17.1.5) to a gateway via a FreeBSD box running
> ipfw. Here's the ipfw directive:
>
> fwd 192.168.215.15 log logamount 10000 ip from 172.17.1.5 to any
>
> Now when I ping public address a.b.c.d from 172.17.1.5, I
> get a "Destination Host Unreachable." When I try to ping
> this same address from the FreeBSD box, I get a "No route to
> host" message. Adding a static route, however, solves the
> problem:
>
> route add -net a.b.c.d 192.169.215.15
>
> ...so now I can ping from both 172.17.1.5 and my FreeBSD
> firewall! Of course, having to add routes, sort of defeats
> the ipfw fwd command, doesn't it?

A ``route'' is basically a road from one destination to another
(i.e. a way of getting from A to B).

Take this scenario: a meeting point in building A has been moved to
building B. You have been designated to tell everyone that is coming
to building A to go to building B. However, for this to happen there
has to be a route (you can see where I'm going now I hope) from
building A to building B.

Perhaps you need to set your default route? OR you need to either add
in these static routes, or set up your network and interfaces in such a
way as the routes are obvious (subnets, netmasks, that kind of thing).

Regards,
--
Philip Reynolds | Technical Director
philip.reynolds@rfc-networks.ie | RFC Networks Ltd.
http://www.rfc-networks.ie | +353 (0)1 8832063