Hello elaconta.com, Thursday, July 27, 2006, 2:03:26 AM, you wrote:
> Tony Abou-Assaleh wrote:
>> I would like to see a reference that shows that it is not possible to have
>> two networks with the same subnet IP ranges. In fact, your working linux
>> PC is a good example that it can be done.
>>
>> You need to be careful not to use the same full IP address on both sides
>> of the network, that's about it. The rest can be handled with a proper
>> configuration of the routing table.
>>
>> take a look at your routing table (using route) and see if you can
>> reproduce it on FreeBSD. If you run into problems on the freebsd, report
>> them, and someone might recognize something.
>>
>> Cheers,
>>
>> TAA
>>
>> -----------------------------------------------------
>> Tony Abou-Assaleh
>> Email: [EMAIL PROTECTED]
>> Web site: http://taa.eits.ca
>> ----------------------[THE END]----------------------
>>
>> On Wed, 26 Jul 2006, elaconta.com Webmaster wrote:
>>
>>> Howdy
>>>
>>> We have here an old (Mandrake Linux 8 - yeah i know...) PC with two NICs
>>> which serves as a firewall for our LAN and runs a Bind caching nameserver.
>>> Although the machine is getting old, it still works well. Thing is, i'm
>>> having a hard time trying to reproduce it, that is, getting another PC
>>> to do exactly the same thing this PC is doing. It was configured by a
>>> guy that left the company, so i can't simply ask him how he configured
>>> it.
>>> It's a precautionary measure, if the machine breaks down we need another
>>> one to go in its place.
>>> So while i'm at it i would love to replace the crusty old thing with a
>>> new one running FreeBSD.
>>> The networking scheme is:
>>>
>>> Router (192.168.1.120) <-> (192.168.1.121) Firewall PC (192.168.1.122)
>>> <-> (192.168.1.0/24) LAN
>>>
>>> Now, thing is, the Linux firewall has two NICs:
>>>
>>> NIC 1: 192.168.1.121
>>> NIC 2: 192.168.1.122
>>>
>>> The two NICs on the Linux box are configured with 192.168.1.121 and
>>> 192.168.1.122, both interfaces on the same subnet. 192.168.1.121 accesses
>>> the company router (192.168.1.120) and 192.168.1.122 accesses the company
>>> LAN (192.168.1.0/24)
>>> From what i've googled, this shouldn't even be possible, everything is
>>> on the same subnet. Regardless, it works great, and if i went and got a
>>> FreeBSD rig to replace the old Linux rig, it would have to retain this
>>> networking scheme, we can't afford to reconfigure the entire network
>>> just for switching our firewall.
>>>
>>> I know we could use a network bridge, but we need the caching
>>> nameserver functionality.
>>>
>>> I'm an all round Unix guy, but i'm a bit green on the routing department.
>>>
>>> Can a FreeBSD box be configured the same way the Linux box is so it can
>>> be a drop-in replacement for the Linux box? I can of course depict in
>>> further detail the configuration of the Linux box (netstat -r to show
>>> the routes, ifconfig or whatever).
>>>
>>> I've already prepped a FreeBSD 6.1 box which already works if the NICs in
>>> the gateway are in different subnets (dc0 is 192.168.1.125 and dc1 is
>>> 192.168.0.5, for instance), i've changed a PC in the network to the
>>> 192.168.0.20 IP (instead of 192.168.1.20) and it connected without a
>>> problem to the Internet, but we have lots of appliances which depend on
>>> the 192.168.1.0 style network. We would need the two NICs in the box to
>>> be in the same subnet...
>>>
>>> -----------------------------
>>> Elaconta.com Webmaster
>>> -----------------------------
>>>
>>> _______________________________________________
>>> [email protected] mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>>
> The routing table on the Linux box, as shown per the "route" command:
>
> [EMAIL PROTECTED] root]# route
> Tabela de Roteamento IP do Kernel
> Destino         Roteador        MáscaraGen.     Opções Métrica Ref   Uso Iface
> 192.168.1.0     *               255.255.255.0   U      0       0       0 eth1
> 192.168.1.0     *               255.255.255.0   U      0       0       0 eth1
> 127.0.0.0       *               255.0.0.0       U      0       0       0 lo
> default         192.168.1.120   0.0.0.0         UG     0       0       0 eth0
>
> Hum, some things in this table are in Portuguese... Basically "Tabela de
> Roteamento IP do Kernel" means Kernel IP Routing Table, "Destino" means
> Destiny, "Roteador" means Router, "Máscara" means Mask.

U have two simple solutions, and one a little more complicated:

1. use bridge, as someone suggested

2. if u don't want to change network configuration, then change the part
   from firewall to hub or modem or what u have. For example:

   modem 10.1.1.1 <----> 10.1.1.2 firewall (freebsd 6.1) 192.168.1.2 <------> lan 192.168.1.0/24

   with simple natd config like this:

       use_sockets yes
       same_ports yes
       interface xl0
       dynamic yes

   assuming that in your firewall, xl0 is external interface with ip
   10.1.1.2, config kernel with proper options, and use ipfirewall.

3. i think that is a bit more complicated with route but i don't think that
   can work, but u can try.

I recommend u variant 2 because it is very clear, and u need to change only
the modem internal ip.

-- 
Best regards,
 vladone                            mailto:[EMAIL PROTECTED]
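
Added example (not part of the thread and not any poster's configuration): a small Python check that runs the address plans discussed above through the standard ipaddress module and reports when two NICs sit in overlapping connected networks or when the default gateway is reachable through more than one NIC. The /24 prefix on the 10.1.1.x link, the interface name xl1, and the mapping of .121/.122 to eth0/eth1 are assumptions made for the example.

```python
import ipaddress

# Constructed inputs based on the addresses quoted in the thread.
# Assumption: eth0 holds .121 (the default route leaves via eth0).
LINUX_BOX = {"eth0": "192.168.1.121/24", "eth1": "192.168.1.122/24"}
LINUX_GW = "192.168.1.120"
# Variant 2 from the reply. Assumptions: /24 on the modem link, and
# "xl1" as a hypothetical name for the internal interface.
VARIANT_2 = {"xl0": "10.1.1.2/24", "xl1": "192.168.1.2/24"}
VARIANT_2_GW = "10.1.1.1"


def audit_plan(interfaces, default_gw):
    """Return findings (tuples) for a multi-homed host's address plan.

    interfaces: {name: "address/prefix"}; default_gw: next-hop address.
    An empty list means every destination maps to exactly one NIC.
    """
    ifaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
    names = sorted(ifaces)
    findings = []

    # Overlapping connected networks: the destination address alone no
    # longer tells the routing table which NIC a packet should leave on.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(("overlap", a, b))

    # The default gateway should be on-link for exactly one interface.
    gw = ipaddress.ip_address(default_gw)
    via = [n for n in names if gw in ifaces[n].network]
    if not via:
        findings.append(("gateway-unreachable",))
    elif len(via) > 1:
        findings.append(("ambiguous-gateway", *via))
    return findings


if __name__ == "__main__":
    for label, plan, gw in (("linux box", LINUX_BOX, LINUX_GW),
                            ("variant 2", VARIANT_2, VARIANT_2_GW)):
        print(label, audit_plan(plan, gw) or "ok")
```
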
