From owner-freebsd-questions Thu Feb 9 10:58:28 1995
Return-Path: questions-owner
Received: (from root@localhost) by freefall.cdrom.com (8.6.9/8.6.6) id KAA15346 for questions-outgoing; Thu, 9 Feb 1995 10:58:28 -0800
Received: from dns (root@dns.NetVision.net.il [194.90.1.5]) by freefall.cdrom.com (8.6.9/8.6.6) with ESMTP id KAA15339 for ; Thu, 9 Feb 1995 10:58:20 -0800
Received: from ugen.NetManage.co.il (ugen.netmanage.co.il [192.114.78.165]) by dns (8.6.9/8.6.9) with SMTP id UAA19177; Thu, 9 Feb 1995 20:57:28 +0200
Date: Thu, 9 Feb 95 20:10:11 IST
From: "Ugen J.S.Antsilevich"
Subject: RE: Firewall help
To: Matt Richards
Cc: questions@FreeBSD.org
X-Mailer: Chameleon 4.00-Arm-25, TCP/IP for Windows, NetManage Inc.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: questions-owner@FreeBSD.org
Precedence: bulk

Ok.. so let's count this mail as my first try to write an IP FAQ :)

> How do I choose which interface to use when I traceroute thru to something.
> Traceroute doesn't have a -I for interface that I can find.

Yes.. but if both interfaces are on different networks, traceroute will go
through the appropriate one to that network.. see below...

> How do I add static routes manually?

route add xxx.xxx.xxx.0 yyy.yyy.yyy.yyy     (this one for a network)
route add xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy

> Do I need a gateways file in /etc? I tried to make one and it did nothing that
> I could tell. I tried several configurations, finally ending with the following
> not doing anything visible:

Hmm.. I never do.. I think this is just a leftover of old days, or maybe some
routed uses it.. dunno.. :) We used gated here, but as a matter of fact the
-current internal routing algorithms are pretty good for simple networks like
ours...

> hostname.ed0 reads:
> 129.229.40.151 netmask 0xffffff00
> hostname.ed1 reads:
> 129.229.40.152 netmask 0xffffff00

Oops.... to have routing between two physically independent networks you
always need to have ed0 and ed1 on different IP networks, like:

129.229.40.151 and 129.229.41.151

or have them on different subnets of the same network, like:

129.229.40.150 and 129.229.40.50 with netmask 0xfffffff0

> Both ed0 and ed1 ifconfig at bootup.

----------------NOW IP FAQ------------------------------

Let's suppose you want to use an FB box as a simple router. What do you need
for that? You need two physically different networks like ethernets, an FB box,
two ethernet cards and a head...

Now the physical configuration looks like this:

                        [The *INTERNET*]
                               |
                               |
----[ Computer A]-------------[Some messy router R]----------   <--Network 1
                  |
          ed0 interface
          [FB box here]
          ed1 interface
                  |
-------------------------[Computer B]---                        <--Network 2

What do you want: you want Computer A to reach Computer B, and B to reach A and
even the Internet. To do so you should have different addresses for network 1
and network 2. Let's take the simplest case: two class C networks. A class C
network is a network which looks like xxx.xxx.xxx.number, where number is from
0 to 255. For example, network 1 is 194.90.1.x and network 2 is 194.90.2.x.

Then, for example:

Computer A - 194.90.1.5
Computer B - 194.90.2.10

You then need for the FB box:

ed0 - 194.90.1.1 (to be on the same network as Computer A)
ed1 - 194.90.2.1 (as Computer B)

If you do all this you should be able, without any special setup, to ping
comp. A and comp. B from the FB. You should also be able to ping the FB from
each one of them. If this does not work you've got some really strange
problem, but in the general case it will be ok.

Now.. how to get to comp. A from comp. B. We do all routing settings by hand
for now.. later we'll see...

You should:

1) Tell comp. B that its route to all the outside world goes through the FB.

   route add default 194.90.2.1          (in comp. B)

1a) To verify this is working, try ping 194.90.1.1 (ed0 address of FB box)
    from B. If this works proceed... if not panic("oops");

2) Tell comp. A that its route to network 194.90.2. goes via the FB.

   route add 194.90.2 194.90.1.1         (in comp. A)

2a) Verify this also.. ping 194.90.2.1 (ed1 address of FB box) from A. It
    should work, else I dunno...

Then try to ping B from A and A from B. Both should work.

   ping 194.90.1.5   (from B)
   ping 194.90.2.10  (from A)

If they do not, check if the GATEWAY option is enabled in the FB. If it is and
still no ping goes through, this FAQ does not hold again.. :)))

Now if ping works (and even telnet) we are almost up. We only want every
computer on net 1 (not only A) to reach B and Co., and every computer on net 2
to reach net 1 and all the world. For a very dummy case (for example both
networks are full of Windoze WinSucks) you just set the default route for all
those comps to the IP address of router R (for inst. 194.90.1.254) on
network 1. You set up the default route for all comps on net 2 to 194.90.2.1.
Now you only have to teach router R how to get to net 2. This depends; on a
cisco or some unix box you add 194.90.2. 194.90.1.1 or stuff like that.

From now on you have the simplest combination working. Our company, which is
an internet provider btw, internally lives with static routes only and, geez,
it's not bad... No routed's involved. All smart decisions can then be done in
router R.

If this helps I am happy, if not.. try to draw your network layout and I'll
look at it :) I can do better docs.. (well.. now it is 22:00 and I am partially
asleep)

--
-=Ugen J.S.Antsilevich=-
NetVision - Israeli Commercial Internet | Learning
E-mail: ugen@NetVision.net.il           | To Fly. [c]
Phone : +972-4-550330                   |
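Added example, not part of the message above and not FreeBSD code: a small Python checker for the two mistakes the reply works through, two router interfaces sitting on the same IP network, and a static route whose gateway is not on any network the host is directly attached to (the kernel rejects such a route, or at best it never forwards anything). The interface tables and routes are constructed from the addresses used in the message (the questioner's 129.229.40.x layout and the FAQ's two class C networks); the function names are this example's own.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample data, taken from the addresses in the message.
# The questioner's original layout: both cards on 129.229.40.0/24.
BROKEN_FB_INTERFACES = {
    "ed0": "129.229.40.151/24",
    "ed1": "129.229.40.152/24",
}
# The FAQ's corrected layout: one class C per interface.
FIXED_FB_INTERFACES = {
    "ed0": "194.90.1.1/24",
    "ed1": "194.90.2.1/24",
}
COMPUTER_A = {"ed0": "194.90.1.5/24"}    # on network 1
COMPUTER_B = {"ed0": "194.90.2.10/24"}   # on network 2


def overlapping_interfaces(ifaces: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return interface pairs whose attached networks overlap.

    A router needs each interface on a distinct network; otherwise the
    kernel has no way to choose an egress interface by destination.
    """
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in ifaces.items()}
    names = sorted(nets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def check_route(host_ifaces: Dict[str, str], destination: str,
                gateway: str) -> Tuple[bool, str]:
    """Check one static route the way a host's kernel would.

    'destination' is 'default' or a network in CIDR form; the gateway
    must lie on a network attached to one of the host's interfaces.
    """
    dest = (ipaddress.ip_network("0.0.0.0/0") if destination == "default"
            else ipaddress.ip_network(destination, strict=False))
    gw = ipaddress.ip_address(gateway)
    for name, cidr in host_ifaces.items():
        if gw in ipaddress.ip_interface(cidr).network:
            return True, f"route to {dest} via {gateway} leaves on {name}"
    return False, (f"route to {dest}: gateway {gateway} is not on any "
                   f"directly attached network")


def audit(host_ifaces: Dict[str, str],
          routes: List[Tuple[str, str]]) -> List[str]:
    """Run both checks on a host; an empty list means the table is sane."""
    problems = [f"interfaces {a} and {b} share a network"
                for a, b in overlapping_interfaces(host_ifaces)]
    for destination, gateway in routes:
        ok, reason = check_route(host_ifaces, destination, gateway)
        if not ok:
            problems.append(reason)
    return problems


if __name__ == "__main__":
    print("FB (as posted):", audit(BROKEN_FB_INTERFACES, []))
    print("FB (fixed):    ", audit(FIXED_FB_INTERFACES, []))
    print("B:             ", audit(COMPUTER_B, [("default", "194.90.2.1")]))
    # Comp. A: the gateway for net 2 must be the FB's ed0 address (194.90.1.1),
    # which is on A's own network; 194.90.2.1 (ed1) is not reachable from A.
    print("A (wrong gw):  ", audit(COMPUTER_A, [("194.90.2.0/24", "194.90.2.1")]))
    print("A (right gw):  ", audit(COMPUTER_A, [("194.90.2.0/24", "194.90.1.1")]))
```

Run it before typing `route add` on the real boxes; the checks are the same ones the kernel applies, but they fail loudly here instead of leaving you with a route table that silently does nothing.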