Date:      Wed, 21 Nov 2001 07:32:11 +0200
From:      "Patrick O'Reilly" <patrick@mip.co.za>
To:        "Zak Johnson" <zakj@fenris.cc>
Cc:        "FreeBSD Question List" <freebsd-questions@freebsd.org>
Subject:   RE: Complex routing for a firewall
Message-ID:  <NDBBIMKICMDGDMNOOCAIAEDODPAA.patrick@mip.co.za>
In-Reply-To: <20011120172734.GB4463@loki.intra>

> From: Zak Johnson [mailto:zakj@fenris.cc]
> Sent: 20 November 2001 19:28
>
> Thank you.  According to my ISP, this is standard procedure for him; he
> claims Linux can handle this sort of setup just fine, although he hasn't
> shown me a working example.  At any rate, I'll have to convince him to
> hand me out another IP in the gateway's netblock.
>

I dunno what he's smoking, but it must be good stuff!  :)

Each link in an IP environment MUST be a network in its own right, even if
it is just a tiny subnet for a PPP link.  The layout I described has two
distinct networks, one for the PPP link and one for the DMZ/Public LAN.  To
use an address from one network on a NIC attached to the other network just
does not make sense.  Whether the OS is Linux (or FreeBSD, or anything else)
has nothing to do with the issue!

Anyway, I suspect I am preaching to the converted.  What surprises me is
that an ISP (whose one and only order of business is IP networking) is
apparently confused about how it should work!

Here's a thought - I have previously had problems when dealing with a sales
person, or Customer Relationship Manager, or similar.  These folks are NOT
technically minded, even though they might work for an ISP.  He could easily
be omitting some vital information without even knowing it.  Try to get hold
of the technical guy who is configuring the Router which is your gateway
(x.x.164.1).  He will know which IP blocks have been allocated and routed to
you.  And he should be able to confirm whether my guesswork before is
actually correct or not.

I hope you get this sorted out.

Regards,
Patrick.

PS:
I notice that I forgot to copy my previous reply to the List, so I'm
including it here in case anyone else is in need of the same type of
information:
--------------------------------------------
Zak,

as Crist already suggested, your topology as described cannot work.  I think
the problem is that you and your ISP are not quite on the same wavelength.

Looking at the info in your message, here is what I would _GUESS_ your
topology should be.  You should verify this with your ISP.

         ISP Gateway
        x.x.164.1 /30
              |
              |
     rl0 =  x.x.164.2 /30
    Your Firewall /Gateway
     rl1 = x.x.165.233/29
              |
              |
        Other Servers
        x.x.165.234/29
        x.x.165.235/29
        x.x.165.236/29
        x.x.165.237/29
        x.x.165.238/29

If this is correct, then all you need to do on your gateway is:
------------------------
defaultrouter=x.x.164.1
------------------------
in /etc/rc.conf

HTH,
Patrick.
-----------------------------------------------
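
Added example, not part of the original e-mail: a small Python check of the rule stated above, that each link is its own network and the default router sits on one of the attached links. The function name, the input format and the addresses are assumptions; documentation prefixes stand in for the elided x.x octets.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the elided
# "x.x.164" (/30 uplink) and "x.x.165" (/29 public LAN) blocks in the e-mail.
GOOD = {"rl0": "198.51.100.2/30", "rl1": "203.0.113.233/29"}
# Mismatch: an address from the LAN block configured on the uplink NIC.
BAD = {"rl0": "203.0.113.234/29", "rl1": "203.0.113.233/29"}
ROUTER = "198.51.100.1"


def check_topology(interfaces, default_router):
    """Return a list of problems; an empty list means the layout is consistent."""
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    names = sorted(ifaces)
    problems = []

    # Each link must be a network in its own right: no overlapping subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                problems.append(
                    f"{a} ({ifaces[a].network}) and {b} ({ifaces[b].network}) "
                    "are on overlapping networks")

    # The default router must be a neighbour on one attached link,
    # and must not be one of this host's own addresses.
    gw = ipaddress.ip_address(default_router)
    if gw in [ifaces[n].ip for n in names]:
        problems.append(f"default router {gw} is this host's own address")
    elif not any(gw in ifaces[n].network for n in names):
        problems.append(f"default router {gw} is not on any attached network")
    return problems


if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_topology(cfg, ROUTER) or "consistent")
```
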

