Date:      Mon, 17 Jan 2005 16:27:20 +0100 (CET)
From:      "Gelsema, Patrick" <gelsema@superhero.nl>
To:        "Tim Preece" <bsdbod@yahoo.co.uk>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Routing problem on 3 homed host
Message-ID:  <57457.195.50.100.20.1105975640.squirrel@195.50.100.20>
In-Reply-To: <20050117150303.94417.qmail@web26507.mail.ukl.yahoo.com>
References:  <20050117150303.94417.qmail@web26507.mail.ukl.yahoo.com>

You should add the following routes on your router:

192.168.1.0/24
192.168.2.0/24
with gateway 192.168.0.2 (interface firewall)

Your router doesn't know where to return the packets to.

And your firewall needs to route 0.0.0.0 to 192.168.0.1 (router interface)

Your CIDR is good.

These changes should make it work.

Use tracert or traceroute to see at which hop it goes wrong.

Regards

Patrick

> Hi,
>
> I am really having problems with this, any help appreciated.
>
> Amended repost of "ipnat port forwarding problem"
>
> The configuration:
>
> Router:
>     This is a dedicated ADSL router with integrated firewall and NAT.
>     The firewall cannot be configured other than turning ports
>     on and off for traffic from the internet and routing traffic
>     to specific hosts. All traffic is sent to the firewall.
> Firewall:
>     This firewall is an i386 arch FreeBSD 5.3 build currently running
>     ipf and ipnat and sits on the three networks 192.168.0.0/24,
>     192.168.1.0/24 and 192.168.2.0/24 (This may be wrong, I am unsure
>     of CIDR - please advise if it is).
>     rc.conf:
>             gateway_enable="YES"
>             ipf_enable="YES"
>             ipnat_enable="YES"
>     No nameserver set up; all info is in hosts files, except for 192.168.0.1
>     for traffic to and from the internet.
>     resolv.conf:
>             domain somenet.com
>             nameserver 192.168.0.2
>             nameserver 192.168.0.1
>     ipnat.rules:
>             map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp
>             10000:20000
>             map dc0 192.168.2.0/24 -> 192.168.0.2/32
>             map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp
>             20001:40000
>             map dc0 192.168.1.0/24 -> 192.168.0.2/32
>     ipf.rules: - wide open until I can get this working
>             pass out quick all
>             pass in quick all
>
> The setup (simplified):
>
>                            ----------
>                            |Internet|
>                            ----------
>                                |
>  IP: 192.168.0.10              | IP: x.x.x.x
>  ----------                ----------
>  | Laptop |----------------| Router |
>  ----------                ----------
>                                | IP: 192.168.0.1
>                                |
>                                | IP: 192.168.0.2 IF: dc0
>                          --------------
>                          |  Firewall  |
>                          |-------------
>  IP: 192.168.1.2 IF: dc1 |            | IP 192.168.2.2 IF: rl0
>                          |            |
>  IP: 192.168.1.10        |            |
>                     -----------      ---
>                     | DMZ Host|      | | Switch
>                     -----------      | |
>                                      | |
>                                      ---
>                                       |
>                                       |
>                                       |
>                                  ------------
>                                  | Pri Host |
>                                  ------------
>
> The problem:
>     The firewall can ping the router, dmz host and private host
>     and can retrieve html pages from the internet.
>     The laptop can ping the firewall
>     The dmz host can ping the firewall
>     The private host can ping the firewall
>     The dmz host and private host cannot ping the router or
>     retrieve pages from the internet. (No route to host)
>
> Is there something else that I need to setup or do to enable routing
> the packets between the 3 networks ?
>
> Any help greatly appreciated.
>
> -
> Tim Preece.
>
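As an added illustration of Patrick's routing explanation (not code from this thread), the Python model below does longest-prefix lookups over the router's and firewall's tables and traces a request from the private LAN out to the internet and the reply back, both before and after the routes he suggests. It models plain IP forwarding only and leaves the ipnat mapping aside; the node names and 192.168.x gateway addresses come from Tim's diagram, while 192.168.2.10 and 198.51.100.7 are constructed addresses.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None means no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else best[1]

# Gateway addresses from Tim's diagram mapped to the node that owns them.
NODE_BY_ADDR = {"192.168.0.2": "firewall", "192.168.0.1": "router"}

def trace(tables, node, dst):
    """Follow dst node by node; 'direct'/'internet' deliver, None is a dead end."""
    path = []
    for _ in range(8):  # hop limit guards against a loop between the two gateways
        hop = lookup(tables[node], dst)
        path.append((node, hop))
        if hop in ("direct", "internet"):
            return path, "delivered"
        if hop is None:
            return path, f"{node}: no route to {dst}"
        node = NODE_BY_ADDR[hop]
    return path, "routing loop"

def round_trip(tables, inside_host, outside_host):
    """Request from a LAN host out to the internet, then the reply coming back in."""
    _, status = trace(tables, "firewall", outside_host)
    if status != "delivered":
        return status
    back_path, status = trace(tables, "router", inside_host)
    if status != "delivered":
        return status
    if back_path[-1][0] != "firewall":
        return f"router forwards reply for {inside_host} to {back_path[-1][1]} instead of the firewall"
    return "ok"
# Tables before and after Patrick's changes ("direct" = on-link, "internet" = ADSL uplink).
# 192.168.2.10 (private host) and 198.51.100.7 (a web server) are constructed addresses.
BEFORE = {
    "router": [("192.168.0.0/24", "direct"), ("0.0.0.0/0", "internet")],
    "firewall": [("192.168.0.0/24", "direct"), ("192.168.1.0/24", "direct"), ("192.168.2.0/24", "direct")],
}
AFTER = {
    "router": BEFORE["router"] + [("192.168.1.0/24", "192.168.0.2"), ("192.168.2.0/24", "192.168.0.2")],
    "firewall": BEFORE["firewall"] + [("0.0.0.0/0", "192.168.0.1")],
}
```

Running `round_trip(BEFORE, "192.168.2.10", "198.51.100.7")` reproduces the "no route to host" symptom at the firewall; fixing only the firewall's default route then shows the router sending the reply up the ADSL link instead of back to 192.168.0.2, and `AFTER` returns "ok".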


