Dear all,

I'm currently in the process of jiggling around my SOHO router and a FreeBSD box that I'd like to make more of a router. As it stands currently, the setup is something like this (I hope you're reading this in monospace, or it's going to be like reading a circuit diagram on a rollercoaster):
                ( ....................... )
               (( Ye bigge badde interweb ))
                ( ....................... )
                            ||
                            ||
                     +------------+
                     | Vigor 2600 |  [10.0.0.2]
                     +------------+
                        |     |
                        |     |  **
                        |     |                  +------+
                  rl1   |     +------------------| S    |-----...
                +-----+                          | W    |
                |     |                          | I    |-----...
                | F   |                          | T    |-----...  The LAN!
                | B   |   rl0                    | C    |          [10.0.0.0/24]
                | S   |--------------------------| H    |-----...
                | D   |                          |      |
                |     |                          |      |-----...
                +-----+                          +------+
               [10.0.0.1]

Now, the more experienced of you will immediately notice something is wrong ... yes, that's right, the cable marked with the ** shouldn't really be there. In fact, my syslog really wants me to know that something's wrong:

Apr 6 19:04:22 phoenix kernel: arp: 10.0.0.2 is on rl0 but got reply from 00:53:7f:74:f4:f3 on rl1

Now, I'm well aware of why that's happening, and I mostly know how to fix it, but I need a little help with a few remaining issues.

First, NAT'ing. Currently the Vigor router (10.0.0.2) is the default router for the network, as specified by the FBSD box's DHCP server. If I disconnect the cable I want to disconnect, however, obviously the FBSD box will have to be the router. Now, I've recompiled my kernel with all the relevant options, and I've got an extensive firewall script (ipfw). I've also got the following in my rc.conf:

firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="YES"
natd_enable="YES"
natd_interface="rl1"
gateway_enable="YES"

rl1, by the way, has a public IP block on it, and the Vigor router has one of these, let's call it xx.yy.zz.201. On the FBSD box (in rc.conf) we have:

defaultrouter="xx.yy.zz.201"
ifconfig_rl0="inet 10.0.0.1 netmask 255.255.255.0"
ifconfig_rl1="inet xx.yy.zz.202 netmask 255.255.255.248"
ifconfig_rl1_alias0="xx.yy.zz.203/29"
...

So, really, the question for this bit of the email is .. what else do I need to get my FBSD box acting as a router for the machines on the LAN? ..
I assume I'd need an IPFW divert rule to set up all the NATing, but I'm unsure what that should be, and whether it would come before or after all the protective stuff in the firewall script etc etc.

------

The second part of the question is perhaps slightly more complex. The Vigor router has set up on it a LAN-to-LAN PPTP VPN (enough acronyms for you?) to an office elsewhere. As it stands currently, machines on the LAN can access (ping/SMB shares) a class C subnet, 192.168.1.0/24, via this VPN connection on the Vigor router. Also, machines at the other end of the VPN, in the office, can access machines at this end of the VPN, on the LAN (the other class C: 10.0.0.0/24).

The question is, what IPFW divert rules and other whizbangery do I need to set up so that I can disconnect that cable marked ** and have all the VPN stuff keep working? If at all possible, I'd rather not move the management of the VPN onto the FBSD box.

------

OK. So that's that. I appreciate any and all responses, and if anyone needs any more information I will be happy to provide it ... so long as it's not my root password ... actually, come to think of it, that wouldn't help unless you were sitting next to me, but never mind...

Regards,
Nick Stenning

_______________________________________________
email@example.com mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
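The block below is an added illustration of the two points the mail asks about (where the natd divert rule sits relative to the protective rules, and how the office subnet keeps flowing through the Vigor's tunnel once the ** cable is pulled). It is not Nick's own ipfw script and not a reply from the list; it is written as the /etc/ipfw.rules file that his firewall_script setting points at, with the interfaces, addresses and the 192.168.1.0/24 office subnet taken from the mail and xx.yy.zz left as his placeholder. It assumes things the mail does not confirm: that natd is started by rc.d/natd from natd_enable/natd_interface="rl1" (so it listens on the "natd" divert port, 8668), that the DHCP server now hands out 10.0.0.1 as the default router, and, the part that needs checking on the Vigor, that the Vigor can be given a route 10.0.0.0/24 -> xx.yy.zz.202 so office replies are sent to the FreeBSD box over the public /29 instead of to the Vigor's own (now unplugged) LAN port. The ordering follows the usual FreeBSD natd pattern: the inbound divert runs before check-state and the outbound divert after the keep-state rules, so every dynamic rule is keyed on the untranslated 10.0.0.x address in both directions; traffic to and from the office is allowed before either divert so it is never NATed, and before the anti-spoof denies so they do not eat it. When /sbin/ipfw is not present the script only prints the ruleset, which is how it was checked.

```shell
#!/bin/sh
# Example /etc/ipfw.rules for the layout in the mail above.  Added example,
# not the poster's script.  rc.d/ipfw runs this through firewall_script;
# natd itself comes from natd_enable/natd_interface="rl1" in rc.conf.
#
# Assumptions not confirmed on the page:
#   * the Vigor keeps the PPTP LAN-to-LAN tunnel and gets a static route
#     10.0.0.0/24 -> xx.yy.zz.202 (this box's rl1 address);
#   * the DHCP server now hands out 10.0.0.1 as the default router;
#   * xx.yy.zz is the poster's placeholder for the public block, fill it in.
set -eu

oif="rl1"                   # public side, towards the Vigor (xx.yy.zz.201)
iif="rl0"                   # LAN side, 10.0.0.1
lan="10.0.0.0/24"
office="192.168.1.0/24"     # far end of the Vigor's LAN-to-LAN PPTP tunnel
me="xx.yy.zz.202"           # this box's own public address on rl1

# Emit the ruleset, one "<number> <rule>" per line, in load order.  The
# order is the whole point:
#   1. LAN<->office traffic is allowed before any divert, so it reaches the
#      Vigor with its real 10.0.0.x / 192.168.1.x addresses (no NAT), and
#      before the anti-spoof denies, which would otherwise drop the
#      192.168.1.x packets arriving from the Vigor on rl1;
#   2. the inbound divert (400) untranslates replies before check-state, and
#      outbound traffic is only translated at 800 after the keep-state rules
#      have recorded it, so dynamic rules are keyed on the inside address;
#   3. the deny-all at 790 means only the skipto path reaches the outbound
#      divert; a re-injected packet continues at the rule after the divert.
ipfw_rules() {
    cat <<EOF
100 allow ip from any to any via lo0
110 deny ip from any to 127.0.0.0/8
120 deny ip from 127.0.0.0/8 to any
200 allow ip from any to any via ${iif}
300 allow ip from ${lan} to ${office} out via ${oif}
310 allow ip from ${office} to ${lan} in via ${oif}
400 divert natd ip from any to any in via ${oif}
500 check-state
510 skipto 800 tcp from any to any out via ${oif} setup keep-state
520 skipto 800 udp from any to any out via ${oif} keep-state
530 skipto 800 icmp from any to any out via ${oif} keep-state
600 deny ip from 10.0.0.0/8 to any in via ${oif}
610 deny ip from 172.16.0.0/12 to any in via ${oif}
620 deny ip from 192.168.0.0/16 to any in via ${oif}
700 allow tcp from any to ${me} 22 in via ${oif} setup keep-state
790 deny log ip from any to any
800 divert natd ip from any to any out via ${oif}
810 allow ip from any to any
EOF
}

# Number of the first rule whose text matches the awk regex in $1.
rule_no() {
    ipfw_rules | awk -v pat="$1" '$0 ~ pat { print $1; exit }'
}

# Flush and load the ruleset on the router.
apply_rules() {
    /sbin/ipfw -q -f flush
    ipfw_rules | while read -r rule; do
        # the rule text must be split into words for ipfw(8)
        /sbin/ipfw -q add $rule
    done
}

if [ -x /sbin/ipfw ]; then
    apply_rules                 # on the router: load the rules
else
    ipfw_rules                  # elsewhere: just show what would be loaded
fi
```

Loading it is a matter of /etc/rc.d/ipfw restart (or sh /etc/ipfw.rules); ipfw -d list then shows the dynamic rules, which should carry 10.0.0.x addresses, and natd -v on the console shows what is being translated. If the Vigor cannot be given the 10.0.0.0/24 route, the office side will never see the LAN again once the cable is gone, whatever ipfw does.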