From: "Matt Abraham"
To: freebsd-ipfw@freebsd.org
Subject: Re: "ipfw fwd" not working without static route?
Date: Fri, 02 Aug 2002 09:53:28 -0400

See inline...

On Thu, 1 Aug 2002 23:10:35 +0000 Philip Reynolds wrote:

> Matt Abraham 21 lines of wisdom included:
> > I'm trying to forward all packets from a privately addressed
> > machine (172.17.1.5) to a gateway via a FreeBSD box running
> > ipfw. Here's the ipfw directive:
> >
> > fwd 192.168.215.15 log logamount 10000 ip from 172.17.1.5 to any
> >
> > Now when I ping public address a.b.c.d from 172.17.1.5, I
> > get a "Destination Host Unreachable." When I try to ping
> > this same address from the FreeBSD box, I get a "No route to
> > host" message. Adding a static route, however, solves the
> > problem:
> >
> > route add -net a.b.c.d 192.169.215.15
> >
> > ...so now I can ping from both 172.17.1.5 and my FreeBSD
> > firewall! Of course, having to add routes, sort of defeats
> > the ipfw fwd command, doesn't it?
>
> a ``route'' is basically a road from one destination to another
> (i.e. a way of getting from A to B).
>
> Take this scenario, a meeting point in building A has been moved to
> building B. You have been designated to tell everyone that is coming
> to building A to go to building B. However, for this to happen there
> has to be a route (you can see where I'm going now I hope) from
> building A to building B.
>

I think in my case, a better scenario would be that I still want to
have the meeting point in building A for everyone EXCEPT those from
say, the Purchasing department; those individuals should go over to
building B.

> perhaps you need to set your default route?
>
> OR
>
> you need to either add in these static routes, or setup your network
> and interfaces in such a way as the routes are obvious (subnets,
> netmasks that kind of thing).
>

Now the use of static routes becomes problematic because the route
now only applies to packets that match a certain criteria, namely
having a source address of 172.17.1.5. If I modify the netmasks on
the box (and not use ipfw fwd), I change the behaviour for all
packets coming through...not what I want to do.

Matt Abraham
mailling@novaconnect.net

> Regards,
> --
> Philip Reynolds | Technical Director
> philip.reynolds@rfc-networks.ie | RFC Networks Ltd.
> http://www.rfc-networks.ie | +353 (0)1 8832063