On 1/30/07, Will H. Backman <[EMAIL PROTECTED]> wrote:
John Brahy wrote:
> Hello,
>
> I am having a problem routing IP traffic on my network. My firewall
> has three interfaces.
>
>      |
> +-----+------+
> |  P2P - t1  |
> |   router   |
> |  10.1.2.1  |
> +-----+------+
>      |
> +-----+------+
> |  10.1.2.2  |
> |   router   |
> |  10.1.3.1  |
> +-----+------+
>      |
> +-----+------+ +-----------+
> |  10.1.3.2  | |  DMZ host |
> |  firewall  +-+ 10.1.15.10 |
> |  10.1.11.1  | +-----------+
> +-----+------+
>      |
> +-----+------+
> | 10.1.11.100 |
> +------------+
>
> I have net.ip.forwarding=1 and my pf.conf is completely empty right
> now. From the 10.1.1.100 client, I can't ping the internet from
> 10.1.11.100, but I can from my firewall. Is there anything special I
> have to do to route private networks? Here's the ipv4 info from
> netstat.
>
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use    Mtu  Interface
> default            10.1.3.1           UGS         0        3      -   em0
> 10.1.3/24          link#1             UC          1        0      -   em0
> 10.1.3.1           00:b0:a2:89:13:45  UHLc        1     1469      -   em0
> 10.1.11/24         link#3             UC          0        0      -   em2
> 10.1.15/24         link#2             UC          0        0      -   em1
> 127/8              127.0.0.1          UGRS        0        0  33192   lo0
> 127.0.0.1          127.0.0.1          UH          1        0  33192   lo0
> 224/4              127.0.0.1          URS         0        0  33192   lo0
>
> Any help would be greatly appreciated.
>
> Thanks!
>
> John
>
You have a network behind a network.
The router that is connected to the internet only knows about the
networks that it is directly attached to.
You would need to tell the external router about the innermost network
through a static route.


From 10.1.11.100 I am not able to ping 10.1.3.1.

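The missing return route described in the reply above, modeled as an added example that is not part of the original thread: it runs a longest-prefix-match lookup on each hop and traces where a reply to 10.1.11.100 ends up before and after static routes are added. The firewall table is taken from the netstat output in the post; both routers' tables, the /24 mask on 10.1.2.0, and the names `inner-router`, `t1-router` and `upstream` are assumptions.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

# Routing tables as (prefix, next hop); next hop None = directly connected.
# Firewall entries come from the netstat output in the post. Both routers'
# tables and the /24 on 10.1.2.0 are assumptions (not shown in the thread).
TABLES = {
    "firewall": [(net("0.0.0.0/0"), "10.1.3.1"), (net("10.1.3.0/24"), None),
                 (net("10.1.11.0/24"), None), (net("10.1.15.0/24"), None)],
    "inner-router": [(net("0.0.0.0/0"), "10.1.2.1"), (net("10.1.2.0/24"), None),
                     (net("10.1.3.0/24"), None)],
    "t1-router": [(net("0.0.0.0/0"), "upstream"), (net("10.1.2.0/24"), None)],
}
# Which device owns each next-hop address in the diagram.
OWNER = {"10.1.3.1": "inner-router", "10.1.3.2": "firewall",
         "10.1.2.1": "t1-router", "10.1.2.2": "inner-router"}

def next_hop(table, dst):
    """Longest-prefix match; returns the gateway, or None if on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(p, gw) for p, gw in table if dst in p]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, start, dst, max_hops=8):
    """Follow a packet hop by hop; return the devices visited and the outcome."""
    path, node = [start], start
    for _ in range(max_hops):
        gw = next_hop(tables[node], dst)
        if gw is None:
            return path, "delivered on-link"
        if gw not in OWNER:
            return path, "sent upstream, lost"
        node = OWNER[gw]
        path.append(node)
    return path, "loop"

def with_static_routes(tables):
    """Copy of the tables plus routes for 10.1.11.0/24 pointing inward."""
    fixed = {name: list(t) for name, t in tables.items()}
    fixed["inner-router"].append((net("10.1.11.0/24"), "10.1.3.2"))
    fixed["t1-router"].append((net("10.1.11.0/24"), "10.1.2.2"))
    return fixed

if __name__ == "__main__":
    for label, t in (("before", TABLES), ("after", with_static_routes(TABLES))):
        print(label, trace(t, "inner-router", "10.1.11.100"))
        print(label, trace(t, "t1-router", "10.1.11.100"))
```

The echo request reaches 10.1.3.1 because the firewall has 10.1.3/24 on-link; it is the reply that follows the router's default route away from the firewall.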