Date:      Tue, 9 Oct 2001 23:28:57 -0700
From:      "Crist J. Clark" <cristjc@earthlink.net>
To:        "John Holstein, IS" <jholstein@cnpapers.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: gateway and multiple subnets
Message-ID:  <20011009232857.D387@blossom.cjclark.org>
In-Reply-To: <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com>; from jholstein@cnpapers.com on Tue, Oct 09, 2001 at 02:43:53PM -0400
References:  <5.1.0.14.2.20011009143853.041e3ec8@pop.cotse.com>

On Tue, Oct 09, 2001 at 02:43:53PM -0400, John Holstein, IS wrote:
> I am setting up a test firewall where I want to pass multiple subnets from 
> ed0 to the internet connection on ed1.
> 
> For instance:
> 
> 192.168.0.x ----->
> 192.168.1.x ----->
>                              -----> ed0 FREEBSD BOX ed1 -------> internet
> 192.9.200.x ----->
> 192.9.205.x ----->
> 
> What is the best way to go about this, without the use of a designated 
> gateway on each subnet?
> 
> set the subnet mask of ed0 to 0.0.0.0?
> 
> I don't need to alias the gateway addresses of all the subnets, the subnets 
> in question are not looking for a particular out... they are being routed 
> from a cisco router, looking at ed0 to be the out, but the old box that was 
> in place, a Cisco Pix, was passing everything.....

So, are you saying the real picture is,

 192.168.0.x -----}
 192.168.1.x -----}
                  }--Cisco Router--|ed0 FreeBSD GW ed1|---- internet
 192.9.200.x -----}
 192.9.205.x -----}

If that's the case, you just need to add the routes on the FreeBSD
gateway,

  # route add -net 192.168.0.0 <Cisco Router IP>
  # route add -net 192.168.1.0 <Cisco Router IP>
  # route add -net 192.9.200.0 <Cisco Router IP>
  # route add -net 192.9.205.0 <Cisco Router IP>

Where <Cisco Router IP> is the IP address of the router's interface on
the network with the FreeBSD box's ed0.

To load these at boot, put something like,

  static_routes="0 1 200 205"
  route_0="-net 192.168.0.0 <Cisco Router IP>"
  route_1="-net 192.168.1.0 <Cisco Router IP>"
  route_200="-net 192.9.200.0 <Cisco Router IP>"
  route_205="-net 192.9.205.0 <Cisco Router IP>"

in rc.conf(5).
-- 
Crist J. Clark                           cjclark@alum.mit.edu
                                         cjclark@jhu.edu
                                         cjc@freebsd.org
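
A check that can be run over static_routes / route_<name> entries like those in the reply above, before relying on them at boot. This is an added example, not part of the original message; the function names, the sample file and the gateway 192.0.2.1 (standing in for <Cisco Router IP>) are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the static_routes / route_<name> pairs in an rc.conf.

# Constructed sample; 192.0.2.1 stands in for <Cisco Router IP> (assumption).
sample_rc_conf() {
    cat <<'EOF'
static_routes="0 1 200 205"
route_0="-net 192.168.0.0 192.0.2.1"
route_1="-net 192.168.0.0 192.0.2.1"
route_200="-net 192.9.200.0 192.0.2.1"
EOF
}

# Prints one line per problem; returns non-zero if any were found.
check_static_routes() {
    awk '
    function value(line) {            # text after "=", quotes stripped
        sub(/^[^=]*=/, "", line); gsub(/"/, "", line); return line
    }
    /^[ \t]*static_routes=/ {         # names that rc will look up
        n = split(value($0), names, /[ \t]+/); next
    }
    /^[ \t]*route_[A-Za-z0-9_]+=/ {   # route_<name>="-net <dest> <gw>"
        name = $0; sub(/^[ \t]*route_/, "", name); sub(/=.*/, "", name)
        m = split(value($0), f, /[ \t]+/)
        dest[name] = ""
        for (i = 1; i <= m; i++)      # first non-flag word is the destination
            if (f[i] != "" && f[i] !~ /^-/) { dest[name] = f[i]; break }
    }
    END {
        for (i = 1; i <= n; i++) {
            nm = names[i]
            if (nm == "") continue
            if (!(nm in dest)) { print "missing: route_" nm; bad = 1; continue }
            d = dest[nm]
            if (d in seen) {
                print "duplicate: " d " (route_" seen[d] ", route_" nm ")"; bad = 1
            } else seen[d] = nm
        }
        exit bad + 0
    }' "$1"
}

tmp=$(mktemp) && sample_rc_conf > "$tmp"
check_static_routes "$tmp" || echo "fix rc.conf before rebooting"
rm -f "$tmp"
```

A name listed in static_routes with no matching route_<name> line, or two names pointing at the same destination, leaves one of the subnets behind the router without a return route.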
