Date:      Thu, 5 Jun 2003 08:36:50 -0400
From:      "Mark Thomas" <mthomas@breakawayltd.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Firewall/DMZ routing
Message-ID:  <KOEILOHHAMNABNLJONMMIEGOCAAA.mthomas@breakawayltd.com>

[Please cc me directly with any replies. Thanks]

I'm setting up a multihomed firewall box. I have all interfaces up and
running but have something going wrong with routing. The setup:

ISP router [A.B.C.144/28, using A.B.C.145]
  |
FIREWALL PUBLIC    [A.B.C.146/29]
FIREWALL DMZ IFACE [A.B.C.153/29]
  |
DMZ TEST HOST      [A.B.C.154/29]

I can ping all IPs from the firewall, the firewall from the test DMZ host,
and the public firewall IP from the world, but not the firewall DMZ
interface or the DMZ test host. All interfaces are up. The firewall is set up
as a gateway.

If I do a tcpdump on the public interface while pinging the test host from
the world I see:

08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145

netstat -rn says:

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            A.B.C.145          UGSc       60      879    em0
127.0.0.1          127.0.0.1          UH          1      372    lo0
A.B.C.144/29       link#1             UC          3        0    em0
A.B.C.145          00:02:17:61:75:85  UHLW        1        0    em0   1200
A.B.C.146          00:0b:db:90:37:8b  UHLW        0        8    lo0
A.B.C.152/29       link#3             UC          0        0    em2

I think I should have 2 /29 networks with the firewall routing them, right?
Do I need to change the router config? Do I need to establish static routes?

Thanks for any pointers,

Mark Thomas
mthomas@breakwayltd.com
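The tcpdump line in the post is the whole story: the ISP router holds the
entire /28 as one directly connected segment, so for .154 it ARPs on the
public wire instead of forwarding to the firewall's .146. The model below is
an added example, not code from the post or from FreeBSD; it reproduces the
longest-prefix-match decision on both boxes and the two standard remedies
(a static /29 route at the ISP, or proxy ARP on the firewall). Addresses are
constructed placeholders (203.0.113.x stands in for A.B.C.x, 198.51.100.1 is
an invented upstream hop) and the interface names lan0/wan0 are assumed.

```python
# Added example: a small model of the route lookup behind the ARP seen in the
# post. All addresses are constructed (203.0.113.0/24 stands in for A.B.C.0/24).
import ipaddress
from typing import List, Optional, Tuple


class Route:
    """One routing-table entry. next_hop=None means 'directly connected',
    i.e. the host ARPs for the destination itself on that interface."""

    def __init__(self, prefix: str, next_hop: Optional[str], iface: str):
        self.prefix = ipaddress.ip_network(prefix, strict=False)
        self.next_hop = next_hop
        self.iface = iface


class Host:
    def __init__(self, name: str, routes: List[Route]):
        self.name = name
        self.routes = routes

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match, as the kernel does it."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

    def next_action(self, dst: str) -> Tuple[str, str, str]:
        """What goes on the wire for a packet to dst: ('arp', target, iface)
        when the best route is connected, ('forward', gateway, iface) otherwise."""
        r = self.lookup(dst)
        if r is None:
            return ("unreachable", "", "")
        if r.next_hop is None:
            return ("arp", dst, r.iface)
        return ("forward", r.next_hop, r.iface)

    def answers_proxy_arp(self, iface: str, target: str) -> bool:
        """Proxy ARP: reply on `iface` for a target this host reaches
        via some *other* directly connected interface."""
        r = self.lookup(target)
        return r is not None and r.next_hop is None and r.iface != iface


# ISP router as the post implies: the whole /28 is one directly connected
# segment, so it never hands .152/29 traffic to the firewall's .146.
isp_router = Host("isp-router", [
    Route("0.0.0.0/0", "198.51.100.1", "wan0"),      # constructed upstream hop
    Route("203.0.113.144/28", None, "lan0"),
])

# The firewall as shown by netstat -rn: two /29s, default via .145.
firewall = Host("firewall", [
    Route("0.0.0.0/0", "203.0.113.145", "em0"),
    Route("203.0.113.144/29", None, "em0"),
    Route("203.0.113.152/29", None, "em2"),
])

# Fix 1: the ISP adds a static route for the DMZ /29 pointing at the firewall.
isp_router_fixed = Host("isp-router-fixed", isp_router.routes + [
    Route("203.0.113.152/29", "203.0.113.146", "lan0"),
])

DMZ_HOST = "203.0.113.154"


def isp_behaviour_now() -> Tuple[str, str, str]:
    # ('arp', '203.0.113.154', 'lan0'): the "arp who-has .154" from the tcpdump
    return isp_router.next_action(DMZ_HOST)


def isp_behaviour_with_static_route() -> Tuple[str, str, str]:
    # ('forward', '203.0.113.146', 'lan0'): the /29 now wins over the /28
    return isp_router_fixed.next_action(DMZ_HOST)


def firewall_behaviour() -> Tuple[str, str, str]:
    # ('arp', '203.0.113.154', 'em2'): the firewall side is already correct
    return firewall.next_action(DMZ_HOST)


def firewall_proxy_arp_for_dmz() -> bool:
    # Fix 2: with no change at the ISP, the firewall answers the ARP for .154
    # on em0 (proxy ARP) and then forwards the packet out em2.
    return firewall.answers_proxy_arp("em0", DMZ_HOST)


if __name__ == "__main__":
    print("ISP router now:       ", isp_behaviour_now())
    print("ISP with static route:", isp_behaviour_with_static_route())
    print("Firewall:             ", firewall_behaviour())
    print("Firewall proxy ARP:   ", firewall_proxy_arp_for_dmz())
```

The model shows why nothing on the firewall alone explains the symptom: its
own table already sends .154 out em2. Either the upstream router learns that
.152/29 lives behind .146, or the firewall answers ARP for the DMZ block on
its public interface; the first is the cleaner design because it keeps the
two /29s as distinct routed segments rather than relying on ARP tricks.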
