Date:      Wed, 20 Jan 1999 15:58:19 -0800
From:      GVB <gvb@tns.net>
To:        freebsd-net@FreeBSD.ORG
Subject:   Firewall headaches...
Message-ID:  <4.1.19990120155059.00a64b00@abused.com>

Here is my situation.  Cisco router connected to internet, let's say
200.200.200.0 255.255.255.0.  I have a FreeBSD 3.0 machine with two network
cards, the first card is connected to the Cisco with let's say an IP address
of 200.200.200.2, the Cisco being .1 and its gateway.  The second network
card has an IP address out of another subnet, 100.100.100.21 netmask
255.255.255.252 (for testing purposes).  I set up a route in the Cisco to
route 100.100.100.20 255.255.255.252 to 200.200.200.2.  So the subnet I am
trying to place behind the firewall is routed to the first network card in
the FreeBSD machine.  I can ping to both of these network cards and get
immediate normal responses from them.  But the machine that is behind the
firewall (connected to the second network card with an IP address of
100.100.100.22, netmask .252, gateway .21) gives me very erratic responses.
I ping it, and it sits for 60 seconds, then I get about 40 replies all at
one time.  The machine can not see out on the web or anything, but I can
telnet to port 139 of the machine (it's Windows).  The firewall
configuration is completely open and from what I understand this is what I
needed to compile with to get the firewall working;

pseudo-device   bpfilter        4       #Berkeley packet filter
options         IPFIREWALL_VERBOSE
options         IPDIVERT
options         IPFILTER

Here is my ipfw list

65300 allow ip from any to any
65535 deny ip from any to any

Both NICs are configured in rc.conf, firewall is set to open in rc.conf.
Do I need to set up some kind of static routes on the FreeBSD machine, or
run routed or gated or some other routing software?  Any help is greatly
appreciated.

GVB
