Thierry Herbelot wrote:
>
> Gregory Sutter wrote:
> >
> > I'm setting up a network that looks like this:
> >
> > --Internet----Router---Firewall
> >                           |
> >                           |         /--- host
> >                        Switch----NAT-----<----- host
> >                           |         \----- host
> >                           |          \----- etc...
> >                        ---------
> >                        |       |
> >                      email     ns
> >
> > In other words, a fairly typical small network. I've got an 8-IP
> > subnet; all hosts outside the NAT have real IPs:
> >
> > router: 1.2.3.193
> > firewall: 1.2.3.196 fxp0
> >           1.2.3.197 fxp1
> > nat: 1.2.3.198
> > email: 1.2.3.194
> > ns: 1.2.3.195
> >
> > The problem I'm having is with my routing. Surprise. Here is
> > the routing table for the firewall:
> >
> > default 1.2.3.193 fxp0
> > 1.2.3.193 link#1 fxp0
> > 1.2.3.192/29 link#2 fxp1
> > 1.2.3.196 lo0
> > 1.2.3.197 lo0
> >
> > The gateway_enable (net.inet.ip.forwarding) is also enabled on
> > the firewall.
>
> With a *routing* firewall, like the one you are using, you must have two
> different IP subnets, one for each physical interface (or else the
> kernel will not know which interface to use to send a packet).
You can handle it by using host routes to the interior computers, but that
is messy.
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
[EMAIL PROTECTED] http://softweyr.com/
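To make the two replies concrete, here is an added example (not part of the thread) that simulates the firewall's longest-prefix-match forwarding decision over the routing table Gregory posted, and over a second table constructed here as one reading of Wes's host-route suggestion: interior machines get /32 routes on fxp1, and the /29 itself is moved to fxp0. The addresses and interface names are the ones from the thread; the second table is an assumption.

```python
import ipaddress

# Routing table transcribed from Gregory's post: (destination, interface).
# "default" is 0.0.0.0/0; a bare address is a host route (/32).
POSTED_TABLE = [
    ("default", "fxp0"),
    ("1.2.3.193", "fxp0"),
    ("1.2.3.192/29", "fxp1"),
    ("1.2.3.196", "lo0"),
    ("1.2.3.197", "lo0"),
]

# Constructed table (assumption): Wes's host-route approach, with explicit
# /32 routes to the interior machines on fxp1 and the /29 left on fxp0.
HOST_ROUTE_TABLE = [
    ("default", "fxp0"),
    ("1.2.3.192/29", "fxp0"),
    ("1.2.3.194", "fxp1"),  # email
    ("1.2.3.195", "fxp1"),  # ns
    ("1.2.3.198", "fxp1"),  # nat
    ("1.2.3.196", "lo0"),
    ("1.2.3.197", "lo0"),
]


def parse_table(table):
    """Turn the text table into (ip_network, interface) pairs."""
    parsed = []
    for dest, iface in table:
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest,
                                   strict=False)
        parsed.append((net, iface))
    return parsed


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, iface in parse_table(table):
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


if __name__ == "__main__":
    for host in ("1.2.3.193", "1.2.3.194", "1.2.3.198", "1.2.3.199", "192.0.2.1"):
        print(host, "posted ->", lookup(POSTED_TABLE, host),
              "| host-routes ->", lookup(HOST_ROUTE_TABLE, host))
```

Only the firewall's own route selection is modelled here; with one /29 on both sides, the net route can point at only one interface, so every address in the /29 that lacks its own host route is sent out whichever interface holds the /29.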