From: Greg Skouby
To: freebsd-isp@freebsd.org
Date: Thu, 14 Dec 2000 17:11:55 -0500
Subject: ipfw/routing/subnet problems
Message-ID: <20001214171155.A81544@sitesnow.com>

Hello,

This is currently what my network looks like:

-- Sprint T1 ---> cisco_2501 ---> BSD Router/Firewall --> catalyst #1
| | | | | (catalyst # 2)

Setup:
The BSD box has 5 Intel Pro 100bs in it, but as you can see from the above we are only using 3 of them. We are using fxp1, fxp2, and fxp4 right now but plan to transition into using all of them (be patient :)

The eth0 on the cisco 2501 is 192.168.1.1 255.255.255.128
The outside interface (fxp1) on the BSD router is 192.168.1.16 255.255.255.128
fxp2 is plugged into the cisco catalyst and has 10.1.1.1 255.255.255.0
fxp4 is also plugged into the cisco catalyst and has 192.168.1.128 255.255.255.128

I know this is not the most optimum solution but it works for now. This is transitional so I don't expect it to be pretty. This setup is working fine. It is when I move to the second phase of this project that things go haywire.

Second phase should look like this:

--> Sprint T1 --> cisco_2501 --> BSD Router/Firewall --> 2 NICS into (catalyst # 1)
| | | | | | catalyst # 2

With the network setup like this:

The eth0 on the cisco 2501 is 192.168.1.1 255.255.255.128
The outside interface (fxp1) on the BSD router is 192.168.1.16 255.255.255.128
fxp2 is plugged into catalyst #2 and is 10.1.1.1 255.255.255.128
fxp3 is plugged into catalyst #1 and is 10.1.1.128 255.255.255.128
fxp4 is plugged into catalyst #1 and is 192.168.1.128 255.255.255.128

Workstations/servers from 192.168.1.128/25 are plugged into that first catalyst, and so are workstations/servers from 10.1.1.128/25.
Workstations/servers from 10.1.1.0/25 are plugged into that second catalyst.

However, when I move to this topology things are very flakey. Like I can ping to inside and outside the network but traceroutes time out on the first hop. Some people from the outside can reach the inside and some can't. Even some people in the 192.168.1.128/25 block lose connectivity and some retain connectivity. It is very strange. I am not filtering anything with the firewall yet. Just trying to get this set up.

Any pitfalls to my diagrams or plan? Thanks for the input. This is all hard to write in an email so please ask questions if my diagram is vague.
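An added example, not part of the original message: a Python check that runs both addressing plans quoted above through the standard `ipaddress` module and reports any interface whose address equals the network or broadcast address of its own subnet, plus any pair of router interfaces on overlapping subnets. The function name `audit`, the finding labels and the dictionary layout are assumptions of this example; the addresses and masks are copied from the message.

```python
import ipaddress

# Addresses and masks exactly as listed in the message above.
PHASE_ONE = {
    "cisco eth0": ("192.168.1.1", "255.255.255.128"),
    "fxp1": ("192.168.1.16", "255.255.255.128"),
    "fxp2": ("10.1.1.1", "255.255.255.0"),
    "fxp4": ("192.168.1.128", "255.255.255.128"),
}
PHASE_TWO = {
    "cisco eth0": ("192.168.1.1", "255.255.255.128"),
    "fxp1": ("192.168.1.16", "255.255.255.128"),
    "fxp2": ("10.1.1.1", "255.255.255.128"),
    "fxp3": ("10.1.1.128", "255.255.255.128"),
    "fxp4": ("192.168.1.128", "255.255.255.128"),
}


def audit(plan):
    """Return (interface, finding, subnet) tuples for a plan dict."""
    findings = []
    parsed = {}
    for name, (addr, mask) in plan.items():
        iface = ipaddress.IPv4Interface(f"{addr}/{mask}")
        parsed[name] = iface
        net = iface.network
        # A host address must not be the all-zeros or all-ones host
        # number of its own subnet.
        if iface.ip == net.network_address:
            findings.append((name, "network-address", str(net)))
        elif iface.ip == net.broadcast_address:
            findings.append((name, "broadcast-address", str(net)))
    # Interfaces on the BSD router (fxp*) should sit on distinct subnets.
    router = sorted(n for n in parsed if n.startswith("fxp"))
    for i, a in enumerate(router):
        for b in router[i + 1:]:
            if parsed[a].network.overlaps(parsed[b].network):
                findings.append((f"{a}+{b}", "overlapping-subnets",
                                 str(parsed[a].network)))
    return findings


if __name__ == "__main__":
    for label, plan in (("phase one", PHASE_ONE), ("phase two", PHASE_TWO)):
        for name, finding, net in audit(plan):
            print(f"{label}: {name}: {finding} in {net}")
```

The check only reports what the listed addresses and masks imply; it does not look at routing tables, ARP behaviour or the switch configuration.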