From owner-freebsd-ipfw@FreeBSD.ORG Fri Jul 28 08:05:14 2006
Date: Fri, 28 Jul 2006 11:05:14 +0300
From: vladone
To: ipfw@freebsd.org
Subject: Re[2]: FreeBSD Gateway to replace old Linux gateway
Message-ID: <367935308.20060728110514@spaingsm.com>
In-Reply-To: <44C7F4BE.2080805@elaconta.com>
References: <44C7C55E.3090907@elaconta.com> <44C7F4BE.2080805@elaconta.com>
List-Id: IPFW Technical Discussions

Hello elaconta.com,

Thursday, July 27, 2006, 2:03:26 AM, you wrote:

> Tony Abou-Assaleh wrote:
>> I would like to see a reference that shows that it is not possible to have
>> two networks with the same subnet IP ranges. In fact, your working Linux
>> PC is a good example that it can be done.
>>
>> You need to be careful not to use the same full IP address on both sides
>> of the network, that's about it. The rest can be handled with a proper
>> configuration of the routing table.
>>
>> Take a look at your routing table (using route) and see if you can
>> reproduce it on FreeBSD. If you run into problems on the FreeBSD, report
>> them, and someone might recognize something.
>>
>> Cheers,
>>
>> TAA
>>
>> -----------------------------------------------------
>> Tony Abou-Assaleh
>> Email: taa@acm.org
>> Web site: http://taa.eits.ca
>> ----------------------[THE END]----------------------
>>
>> On Wed, 26 Jul 2006, elaconta.com Webmaster wrote:
>>
>>> Howdy
>>>
>>> We have here an old (Mandrake Linux 8 - yeah I know...) PC with two NICs
>>> which serves as a firewall for our LAN and runs a Bind caching nameserver.
>>> Although the machine is getting old, it still works well. Thing is, I'm
>>> having a hard time trying to reproduce it, that is, getting another PC
>>> to do exactly the same thing this PC is doing. It was configured by a
>>> guy that left the company, so I can't simply ask him how he configured it.
>>> It's a precautionary measure: if the machine breaks down we need another
>>> one to go in its place.
>>> So while I am at it I would love to replace the crusty old thing with a
>>> new one running FreeBSD.
>>> The networking scheme is:
>>>
>>> Router (192.168.1.120) <-> (192.168.1.121) Firewall PC (192.168.1.122)
>>> <-> (192.168.1.0/24) LAN
>>>
>>> Now, thing is, the Linux firewall has two NICs:
>>>
>>> NIC 1: 192.168.1.121
>>> NIC 2: 192.168.1.122
>>>
>>> The two NICs on the Linux box are configured with 192.168.1.121 and
>>> 192.168.1.122, both interfaces on the same subnet. 192.168.1.121 accesses
>>> the company router (192.168.1.120) and 192.168.1.122 accesses the company
>>> LAN (192.168.1.0/24).
>>> From what I've googled, this shouldn't even be possible, everything is
>>> on the same subnet. Regardless, it works great, and if I went and got a
>>> FreeBSD rig to replace the old Linux rig, it would have to retain this
>>> networking scheme; we can't afford to reconfigure the entire network
>>> just for switching our firewall.
>>>
>>> I know we could use a network bridge, but we need the caching
>>> nameserver functionality.
>>>
>>> I'm an all-round Unix guy, but I'm a bit green on the routing department.
>>>
>>> Can a FreeBSD box be configured the same way the Linux box is so it can
>>> be a drop-in replacement for the Linux box? I can of course depict in
>>> further detail the configuration of the Linux box (netstat -r to show
>>> the routes, ifconfig or whatever).
>>>
>>> I've already prepped a FreeBSD 6.1 box which already works if the NICs in
>>> the gateway are in different subnets (dc0 is 192.168.1.125 and dc1 is
>>> 192.168.0.5, for instance). I've changed a PC in the network to the
>>> 192.168.0.20 IP (instead of 192.168.1.20) and it connected without a
>>> problem to the Internet, but we have lots of appliances which depend on
>>> the 192.168.1.0 style network. We would need the two NICs in the box to
>>> be in the same subnet...
>>>
>>> -----------------------------
>>> Elaconta.com Webmaster
>>> -----------------------------
>
> The routing table on the Linux box, as shown per the "route" command:
>
> [root@visao root]# route
> Tabela de Roteamento IP do Kernel
> Destino         Roteador        MáscaraGen.     Opções Métrica Ref    Uso Iface
> 192.168.1.0     *               255.255.255.0   U      0       0        0 eth1
> 192.168.1.0     *               255.255.255.0   U      0       0        0 eth1
> 127.0.0.0       *               255.0.0.0       U      0       0        0 lo
> default         192.168.1.120   0.0.0.0         UG     0       0        0 eth0
>
> Hum, some things in this table are in Portuguese... Basically "Tabela de
> Roteamento IP do Kernel" means Kernel IP Routing Table, "Destino" means
> Destiny, "Roteador" means Router, "Máscara" means Mask.

You have two simple solutions, and one a little more complicated:

1. use a bridge, as someone suggested
2. if you don't want to change the network configuration, then change the
   part from the firewall to the hub or modem or whatever you have. For
   example:

   modem 10.1.1.1 <----> 10.1.1.2 firewall (FreeBSD 6.1) 192.168.1.2 <------> LAN 192.168.1.0/24

   with a simple natd config like this:

   use_sockets yes
   same_ports yes
   interface xl0
   dynamic yes

   assuming that in your firewall, xl0 is the external interface with IP
   10.1.1.2. Configure the kernel with the proper options, and use
   ipfirewall.
3. I think it is a bit more complicated with route, but I don't think that
   can work; you can try, though.

I recommend variant 2 because it is very clear, and you need to change only
the modem's internal IP.

--
Best regards,
 vladone                            mailto:vladone@spaingsm.com
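A concrete FreeBSD 6.1 configuration for vladone's option 2, added here as an example and not taken from the thread: it assumes xl0 is the outside NIC (10.1.1.2, towards the modem), dc0 is the LAN NIC (192.168.1.2), and the kernel carries the IPFIREWALL and IPDIVERT options. The natd.conf lines are the ones in the message; the rc.conf fragment and the stateful, default-deny ipfw ruleset are mine.

```conf
# /etc/rc.conf: interfaces, forwarding, firewall and natd (assumed NIC names xl0/dc0)
gateway_enable="YES"
ifconfig_xl0="inet 10.1.1.2 netmask 255.255.255.0"
ifconfig_dc0="inet 192.168.1.2 netmask 255.255.255.0"
defaultrouter="10.1.1.1"
firewall_enable="YES"
firewall_type="/etc/ipfw.rules"
firewall_logging="YES"
natd_enable="YES"
natd_flags="-f /etc/natd.conf"

# /etc/natd.conf: the four settings from the message
use_sockets yes
same_ports yes
interface xl0
dynamic yes

# /etc/ipfw.rules: rc.firewall flushes the table and runs "ipfw -q /etc/ipfw.rules"
add 100 allow ip from any to any via lo0
# un-NAT inbound traffic first so the later rules see the real LAN address
add 200 divert natd ip from any to any in via xl0
# replies to connections recorded by the keep-state rules below
add 300 check-state
# the LAN prefix must never arrive as a source on the outside interface
add 350 deny log ip from 192.168.1.0/24 to any in via xl0
# LAN hosts and the gateway itself may initiate: record state while the
# source is still 192.168.1.x, then jump to the outbound NAT rule
add 400 skipto 800 tcp from 192.168.1.0/24 to any out via xl0 setup keep-state
add 410 skipto 800 udp from 192.168.1.0/24 to any out via xl0 keep-state
add 420 skipto 800 icmp from 192.168.1.0/24 to any out via xl0 keep-state
add 430 skipto 800 ip from me to any out via xl0 keep-state
# LAN side: queries to the caching nameserver on the gateway, LAN packets
# entering the box to be forwarded, and the gateway talking to the LAN
add 500 allow udp from 192.168.1.0/24 to me 53 in via dc0 keep-state
add 510 allow tcp from 192.168.1.0/24 to me 53 in via dc0 setup keep-state
add 520 allow ip from 192.168.1.0/24 to any in via dc0
add 530 allow ip from me to 192.168.1.0/24 out via dc0
# nothing else is accepted; log what gets here
add 600 deny log ip from any to any
# outbound NAT, reached only through the skipto rules above
add 800 divert natd ip from any to any out via xl0
add 810 allow ip from any to any
```

Because inbound packets are un-NATed before check-state and outbound packets have their state recorded before they reach the divert rule, every dynamic rule is keyed on the real 192.168.1.x address rather than on 10.1.1.2.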