On Wed, Sep 14, 2005 at 06:25:14AM +0200, Stephan A. Rickauer wrote:
> Hello,
> 
> maybe you could help me in resolving a weird problem. I am so close to 
> substitute my linux box with openbsd, but I seem to misunderstand something:
> 
> My gateway/firewall has three interfaces:
> 
>   em0    172.16.3.253
>   em1    130.60.230.187
>   fxp0   10.1.1.1
> 
> Additionally, three carp devices are set up which bind to one of the 
> above interfaces each:
> 
>   carp0  172.16.3.254 (em0) == LAN
>   carp1  130.60.230.188 (em1) == DMZ
>   carp3  130.60.5.218 (fxp0) == Internet
> 
> I have ip.forward turned on, no pf rules are loaded and my default 
> gateway is properly configured. My local test client is 172.16.3.99. The 
>  test client's default gateway is 172.16.3.254.
> 
> Ping tests:
> 
> Firewall -> Gateway = ok
> Firewall -> DMZ = ok
> Firewall -> Internet = ok
> Firewall -> Test Client = ok
> 
> Test Client -> Firewall = ok
> Test Client -> DMZ = ok
> Test Client -> Gateway = _not_ ok
> Test Client -> Internet = _not_ ok
> 
> 
> So, ipforward does work in general, but not for fxp0 interface ... My 
> first thought was, the problem is related to having fxp0 and carp3 in 
> different segments, but reconfiguring fxp0 to have carp3's IP didn't 
> help either.
> 
> This is such a simple thing, but I can't think of anything I could have 
> missed. Any help is appreciated.
> 

Do you think that private IPs from the 172.16/12 range are routed on the
Internet?
Also you are missing the most important thing -- a netstat -rnfinet
output. How should we find out where your packets are going if you do not
show us the routing table?
Ever tried to use tcpdump on the different interfaces on your router to
see where the packets flow?

-- 
:wq Claudio
