Gregory Sutter wrote:
>
> I'm setting up a network that looks like this:
>
> --Internet----Router---Firewall
>                           |
>                           |                /--- host
>                         Switch----NAT-----<----- host
>                           |                \----- host
>                           |                 \----- etc...
>                       ---------
>                       |       |
>                     email     ns
>
> In other words, a fairly typical small network. I've got an 8-IP
> subnet; all hosts outside the NAT have real IPs:
>
> router:    1.2.3.193
> firewall:  1.2.3.196 fxp0
>            1.2.3.197 fxp1
> nat:       1.2.3.198
> email:     1.2.3.194
> ns:        1.2.3.195
>
> The problem I'm having is with my routing. Surprise. Here is
> the routing table for the firewall:
>
> default        1.2.3.193   fxp0
> 1.2.3.193      link#1      fxp0
> 1.2.3.192/29   link#2      fxp1
> 1.2.3.196                  lo0
> 1.2.3.197                  lo0
>
Now my network engineering is far from perfect (anyone have a network
engineering internship for summer 2001? I do sysadmin and a little
coding also...:) but it looks like the problem is that if the firewall
is acting as a router (as opposed to a bridge, you don't say) then it
will be seeing both its interfaces plus the router as being in the
1.2.3.192/29 subnet and is thus sending everything to fxp1. Or maybe
I'm just nuts...
> The gateway_enable (net.inet.ip.forwarding) is also enabled on
> the firewall.
>
> From the firewall, I can reach any host with no problems. However,
> from hosts inside the firewall, I cannot reach outside, and vice
> versa. I feel I must be missing something obvious, but have played
> with routes for hours to no avail.
Can you reach the router from the firewall? I say this because the
default of fxp0 will let you get things off your net, but the router may
be another story...
>
> Does anyone see a problem with the routing of this network?
>
> Greg
> --
> Gregory S. Sutter Computing is a terminal addiction.
> mailto:[EMAIL PROTECTED]
> http://www.zer0.org/~gsutter/
> PGP DSS public key 0x40AE3052
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
--
Laurence Berland
Intern, Flooz.com
Northwestern '04
[EMAIL PROTECTED]
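
Added example, not part of either message: a longest-prefix-match lookup over the firewall routing table exactly as posted, to check which interface the firewall picks for each destination and which of the listed addresses fall inside 1.2.3.192/29. Reading the bare host entries as /32 routes and `default` as 0.0.0.0/0 is an assumption, and the probe address 198.51.100.7 is constructed.

```python
import ipaddress

# Firewall routing table as posted: (destination, gateway, interface).
# Assumptions: bare addresses are /32 host routes, "default" is 0.0.0.0/0.
# The post shows no gateway for the two lo0 entries, so None is used.
ROUTES = [
    ("0.0.0.0/0",    "1.2.3.193", "fxp0"),
    ("1.2.3.193/32", "link#1",    "fxp0"),
    ("1.2.3.192/29", "link#2",    "fxp1"),
    ("1.2.3.196/32", None,        "lo0"),
    ("1.2.3.197/32", None,        "lo0"),
]

# Addresses listed in the post.
HOSTS = {
    "router": "1.2.3.193", "email": "1.2.3.194", "ns": "1.2.3.195",
    "fw-fxp0": "1.2.3.196", "fw-fxp1": "1.2.3.197", "nat": "1.2.3.198",
}

def lookup(dst, routes=ROUTES):
    """Return (prefix, gateway, interface) for the longest matching prefix."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]

def egress(dst):
    """Interface the firewall would use to reach dst."""
    return lookup(dst)[2]

def inside(prefix, hosts=HOSTS):
    """Names of the listed hosts whose address falls inside prefix."""
    net = ipaddress.ip_network(prefix)
    return sorted(n for n, ip in hosts.items() if ipaddress.ip_address(ip) in net)

if __name__ == "__main__":
    for name, ip in HOSTS.items():
        print(f"{name:8} {ip:12} -> {lookup(ip)}")
    print("off-net  198.51.100.7 ->", lookup("198.51.100.7"))  # constructed probe
    print("inside 1.2.3.192/29:", inside("1.2.3.192/29"))
```

With the table as posted, the /32 host route keeps the router on fxp0 while every other address in the /29 resolves to fxp1, and all six listed addresses sit inside the same /29.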