Hi Again.

I have a FreeBSD 6.3 box that runs IPNAT and IPFILTER.

xl0 is the external NIC and is a dhcp client on a cable network. Naturally, it does IPFILTER.

fxp0 is the internal NIC that hands out dhcp leases to clients inside the NAT net. It has the address 192.168.0.1. I also run a caching named on this IPF/IPNAT gateway box. This setup has worked great for years.

Recently I added a third NIC ( em0 ) to this gateway box and gave it a static IP 192.168.1.1. I connected em0 to a server via xover cable. I assigned the server on the other end of the xover cable a static address of 192.168.1.5. I reconfigured BIND to listen on em0 and fxp0 both.

Connectivity from 192.168.1.1 <---> 192.168.1.5 works great. Both machines can talk to each other. All that's missing now is for 192.168.1.5 to be able to reach the Internet through 192.168.1.1. The server with 192.168.1.5 needs to be able to download updates, patches, etc. I can resolve Internet hosts from 192.168.1.5 but that's all. No other protocols seem to reach the www.

I am thinking it could be an IPNAT issue or a routing issue; perhaps both. Here's my /etc/ipnat.conf file:

map xl0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map xl0 192.168.0.0/24 -> 0.0.0.0/32

Here is netstat -r on the gateway machine:

default            L100.VFTTP-18.BSTN UGS         0  6747766    xl0
71.173.55/24       link#1             UC          0        0    xl0
L100.VSTTP-18.BSTN 00:90:1a:a0:3d:c4  UHLW        2       46    xl0    653
pool-71-173-55-4.b 00:50:da:11:95:97  UHLW        1        0    lo0
localhost          localhost          UH          0        0    lo0
192.168.0          link#3             UC          0        0   fxp0
192.168.0.38       00:16:01:70:38:94  UHLW        1   420937   fxp0    605
192.168.0.39       00:17:f2:49:d5:23  UHLW        1     6430   fxp0    909
192.168.0.53       00:11:24:21:49:36  UHLW        1    42014   fxp0    391
192.168.1          link#2             UC          0        0    em0

Traffic, except for dns queries, is not being passed out from em0 to xl0.

Here is netstat -rn on the 192.168.1.5 host:

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth0


Here are the first few lines of my ipf.conf file. There are no other rules for em0 anywhere in the file.

pass in quick on fxp0 all
pass out quick on fxp0 all
pass in quick on em0 all
pass out quick on em0 all
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on xl0 all keep state

I am thinking of adding these lines to /etc/rc.conf :

static_routes="emzero"
route_emzero="-net 192.168.1.0/24 192.168.0.1"

Can anyone tell me if that might work before I potentially hose my network?
Thanks.

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
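Added example (mine, not part of the original post): 192.168.1.0/24 already appears in the gateway's routing table as a directly connected `link#2` route on em0, but ipnat only translates packets whose source address matches a `map` rule, and the posted ipnat.conf maps only 192.168.0.0/24, so packets from 192.168.1.5 leave xl0 with a private source address (DNS still works because the gateway's own named answers on em0). The script below checks a constructed copy of that config for a map rule per internal subnet and shows the two extra lines that would cover the em0 network; it inspects the config text only and does not touch ipnat.

```shell
#!/bin/sh
# Added example, not from the original post: ipnat rewrites only packets whose
# source matches a "map" rule, so each internal subnet needs its own map lines.

# Constructed copy of the poster's /etc/ipnat.conf (covers 192.168.0.0/24 only).
ORIG_CONF='map xl0 192.168.0.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map xl0 192.168.0.0/24 -> 0.0.0.0/32'

# The same file with a matching pair of map rules for the em0 subnet.
FIXED_CONF="$ORIG_CONF
map xl0 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map xl0 192.168.1.0/24 -> 0.0.0.0/32"

# has_map CONF EXT_IF SUBNET
# Exit 0 if CONF contains a map rule translating SUBNET out of EXT_IF.
has_map() {
    printf '%s\n' "$1" | grep -Eq "^map[[:space:]]+$2[[:space:]]+$3[[:space:]]+->"
}

# list_uncovered CONF EXT_IF SUBNET...
# Print every listed internal subnet that has no map rule on EXT_IF.
list_uncovered() {
    conf=$1; ext=$2; shift 2
    for net in "$@"; do
        has_map "$conf" "$ext" "$net" || echo "$net"
    done
}

echo "Subnets missing a map rule in the original config:"
list_uncovered "$ORIG_CONF" xl0 192.168.0.0/24 192.168.1.0/24
echo "Subnets missing a map rule after adding the em0 lines:"
list_uncovered "$FIXED_CONF" xl0 192.168.0.0/24 192.168.1.0/24
```

After editing the real file, `ipnat -CF -f /etc/ipnat.conf` reloads the rules, and `ipnat -l` shows which map rules are active.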