Date: Fri, 02 Aug 2002 09:53:28 -0400
From: "Matt Abraham" <mailing@novaconnect.net>
To: freebsd-ipfw@freebsd.org
Subject: Re: "ipfw fwd" not working without static route?
Message-ID: <web-45259@novaconnect.net>
In-Reply-To: <20020801231035.B31318@rfc-networks.ie>
See inline...

On Thu, 1 Aug 2002 23:10:35 +0000 Philip Reynolds <philip.reynolds@rfc-networks.ie> wrote:

> *This message was transferred with a trial version of CommuniGate(tm) Pro*
> Matt Abraham <mailing@novaconnect.net> 21 lines of wisdom included:
> > I'm trying to forward all packets from a privately addressed
> > machine (172.17.1.5) to a gateway via a FreeBSD box running
> > ipfw. Here's the ipfw directive:
> >
> > fwd 192.168.215.15 log logamount 10000 ip from 172.17.1.5 to any
> >
> > Now when I ping public address a.b.c.d from 172.17.1.5, I
> > get a "Destination Host Unreachable." When I try to ping
> > this same address from the FreeBSD box, I get a "No route to
> > host" message. Adding a static route, however, solves the
> > problem:
> >
> > route add -net a.b.c.d 192.169.215.15
> >
> > ...so now I can ping from both 172.17.1.5 and my FreeBSD
> > firewall! Of course, having to add routes, sort of defeats
> > the ipfw fwd command, doesn't it?
>
> a ``route'' is basically a road from one destination to another
> (i.e. a way of getting from A to B).
>
> Take this scenario, a meeting point in building A has been moved to
> building B. You have been designated to tell everyone that is coming
> to building A to go to building B. However, for this to happen there
> has to be a route (you can see where I'm going now I hope) from
> building A to building B.
>

I think in my case, a better scenario would be that I still want to have the meeting point in building A for everyone EXCEPT those from say, the Purchasing department; those individuals should go over to building B.

> perhaps you need to set your default route?
>
> OR
>
> you need to either add in these static routes, or setup your network
> and interfaces in such a way as the routes are obvious (subnets,
> netmasks that kind of thing).
>

Now the use of static routes becomes problematic because the route now only applies to packets that match a certain criteria, namely having a source address of 172.17.1.5. If I modify the netmasks on the box (and not use ipfw fwd), I change the behaviour for all packets coming through...not what I want to do.

Matt Abraham
mailling@novaconnect.net

> Regards,
> --
> Philip Reynolds | Technical Director
> philip.reynolds@rfc-networks.ie | RFC Networks Ltd.
> http://www.rfc-networks.ie | +353 (0)1 8832063
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?web-45259>