From owner-freebsd-questions  Sat Oct 31 06:13:17 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA29233
          for freebsd-questions-outgoing; Sat, 31 Oct 1998 06:13:17 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from isi.co.jp (ns [202.214.62.35] (may be forged))
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA29214;
          Sat, 31 Oct 1998 06:13:10 -0800 (PST)
          (envelope-from john@isi.co.jp)
Received: by ns.isi.co.jp id <21889>; Sat, 31 Oct 1998 23:12:01 +0900
Date: Sat, 31 Oct 1998 23:06:16 +0900
From: john cooper <john@isi.co.jp>
To: freebsd-hackers@FreeBSD.ORG, freebsd-questions@FreeBSD.ORG
Subject: Request help with packet forwarding problem [2.2.7]..
Cc: john@isi.co.jp, tfujii@isi.co.jp
Message-Id: <98Oct31.231201jst.21889@ns.isi.co.jp>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


Hi,
    I'm trying to get a system configured as a gateway.  The
first step [which I thought would be simple] was to simply
forward packets between interfaces:


         -------
         |     | default gateway: 203.168.62.35
         |  A  |
         |     |
         -------
            | 203.168.62.58 (ed1)
            |
            | 203.168.62.35 (ed0)
         -------
         |     | default gateway: ISP router
         | FW  | net.inet.ip.forwarding: 1
         |     |
         -------
            | 202.214.62.40 (vx0)
            |
       -----|-----------------------------> ISP router + DNS server
            |
            | 202.214.62.62
         -------
         |     | default gateway: ISP router
         |  B  | static route: 202.214.62.40 for net 203.168.62.0
         |     |
         -------

Using netstat and tcpdump I discovered the following.  If I ping
machine B from A, I can see the ICMP packets make this journey:

    ICMP request:  A --> FW --> B    
    ICMP reply:    B --> FW --> land of no return

If I ping machine A from B, I get this:

    ICMP request:  B --> FW --> ISP router

I seems that FW will only forward packets in one direction.
However in the first case it appears the ICMP reply packets
are silently dropped [netstat does not report dropped packets].

In the second case, FW is actively trying to forward the packets
to the default gateway.

I'm at a loss to explain why this is occuring.  I've enabled
packet forwarding in FW's kernel.  Is something else required
to get packets forwarded between network interfaces on the same
machine???

Incidentally, IPFW is not built into machine FW's kernel.

Any suggestions would be most appreciated.

Thanks,

-john

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message