Date:      Mon, 19 Nov 2001 17:05:04 -0500
From:      Zak Johnson <zakj@fenris.cc>
To:        freebsd-questions@freebsd.org
Subject:   Complex routing for a firewall
Message-ID:  <20011119220504.GA3048@loki.intra>

I am having some trouble setting up routing for my (admittedly strange)
network.  I control x.x.165.232/29.  My gateway (controlled by my ISP)
is x.x.164.1.  My intended setup:

ISP Gateway (x.x.164.1)
        |
firewall rl0 (inet x.x.165.233 netmask 255.255.254.0)
firewall rl1 (inet x.x.165.234 netmask 255.255.255.248)
        |
servers (inet x.x.165.235-237 netmask 255.255.255.248)

The firewall's rl0 has the odd netmask because otherwise FreeBSD
complains on `route add default x.x.164.1`.  Adding the following route
on the firewall allows the firewall to communicate with the servers and
the gateway, and vice-versa:

	route add x.x.165.233/29 -iface rl1 -cloning

But the servers cannot get to the gateway (or even rl0 on the firewall).
Using ipfilter, /etc/ipf.rules says:

	pass in quick all
	pass out quick all

and net.inet.ip.forwarding=1.  What am I missing?  Do I need to try to
convince my ISP to give me one IP on the x.x.164.1/24 network for rl0?
Please let me know if I'm leaving out any required information.

-- 
Zak Johnson <zakj-freebsd@fenris.cc>
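
An added example, not part of the original message: it checks the address plan from the post with Python's `ipaddress` module, showing which firewall networks overlap, which interface a longest-prefix match picks, and which servers the gateway would treat as on-link. The `10.0` prefix is a constructed stand-in for the elided `x.x`, and the gateway's /23 or /24 mask is an assumption, since the post does not state it.

```python
import ipaddress

PFX = "10.0"  # constructed stand-in for the post's elided "x.x" (assumption)

def iface(host, mask):
    return ipaddress.ip_interface(f"{PFX}.{host}/{mask}")

# Firewall interfaces and hosts exactly as listed in the post.
FIREWALL = {
    "rl0": iface("165.233", "255.255.254.0"),
    "rl1": iface("165.234", "255.255.255.248"),
}
GATEWAY = ipaddress.ip_address(f"{PFX}.164.1")
SERVERS = [ipaddress.ip_address(f"{PFX}.165.{h}") for h in (235, 236, 237)]

def overlaps(ifaces):
    """Pairs of interfaces whose directly connected networks overlap."""
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]

def egress(ifaces, dst):
    """Interface chosen by longest-prefix match over connected routes."""
    hits = [(i.network.prefixlen, n) for n, i in ifaces.items()
            if dst in i.network]
    return max(hits)[1] if hits else None

def gateway_on_link(prefixlen):
    """Servers the gateway would ARP for directly under an assumed mask."""
    net = ipaddress.ip_network(f"{GATEWAY}/{prefixlen}", strict=False)
    return [s for s in SERVERS if s in net]

def rl0_on_link_for_gateway(prefixlen):
    """Whether the firewall's rl0 address is inside the gateway's subnet."""
    net = ipaddress.ip_network(f"{GATEWAY}/{prefixlen}", strict=False)
    return FIREWALL["rl0"].ip in net

if __name__ == "__main__":
    print("overlapping firewall networks:", overlaps(FIREWALL))
    for dst in [GATEWAY, *SERVERS]:
        print(f"firewall -> {dst}: via {egress(FIREWALL, dst)}")
    for plen in (23, 24):  # both masks are assumptions about the ISP side
        print(f"gateway /{plen}: on-link servers {gateway_on_link(plen)},"
              f" rl0 on-link {rl0_on_link_for_gateway(plen)}")
```

Where the gateway sees the servers as on-link it sends ARP requests for them on its own segment rather than forwarding to rl0; where it does not, it needs a route for the /29 whose next hop it can reach.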
