Problem routing 10.x.x.x networks through a firewall
Hello, I am having a problem routing IP traffic on my network. My firewall has three interfaces.

        +--------------+
        |  P2P - T1    |
        |  router      |
        |  10.1.2.1    |
        +------+-------+
               |
        +------+-------+
        |  10.1.2.2    |
        |  router      |
        |  10.1.3.1    |
        +------+-------+
               |
        +------+-------+     +------------+
        |  10.1.3.2    |     | DMZ host   |
        |  firewall    +-----+ 10.1.15.10 |
        |  10.1.1.1    |     +------------+
        +------+-------+
               |
        +------+-------+
        |  10.1.11.100 |
        +--------------+

I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall. Is there anything special I have to do to route private networks? Here's the IPv4 info from netstat.

Routing tables

Internet:
Destination   Gateway             Flags   Refs   Use    Mtu     Interface
default       10.1.3.1            UGS     0      3      -       em0
10.1.3/24     link#1              UC      1      0      -       em0
10.1.3.1      00:b0:a2:89:13:45   UHLc    1      1469   -       em0
10.1.11/24    link#3              UC      0      0      -       em2
10.1.15/24    link#2              UC      0      0      -       em1
127/8         127.0.0.1           UGRS    0      0      33192   lo0
127.0.0.1     127.0.0.1           UH      1      0      33192   lo0
224/4         127.0.0.1           URS     0      0      33192   lo0

Any help would be greatly appreciated.

Thanks!

John
Re: Problem routing 10.x.x.x networks through a firewall
2007/1/30, John Brahy [EMAIL PROTECTED]:
> I have net.ip.forwarding=1 and my pf.conf is completely empty right now.
> From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall.
> Is there anything special I have to do to route private networks?
> Here's the IPv4 info from netstat.

Does your router (or routers) know the route to reach 10.1.1.0/24? On your router(s) you must have something like:

    route add -net 10.1.1.0/24 10.1.3.2

--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
Re: Problem routing 10.x.x.x networks through a firewall
John Brahy wrote:
> Hello, I am having a problem routing IP traffic on my network. my firewall has three interfaces.
> [...]
> I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall. Is there anything special I have to do to route private networks? Here's the ipv4 info from netstat.
> [...]
> Any help would be greatly appreciated.
> Thanks!
> John

You have a network behind a network. The router that is connected to the internet only knows about the networks that it is directly attached to. You would need to tell the external router about the innermost network through a static route.
Re: Problem routing 10.x.x.x networks through a firewall
On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:
> John Brahy wrote:
> > Hello, I am having a problem routing IP traffic on my network. my firewall has three interfaces.
> > [...]
> > I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall. Is there anything special I have to do to route private networks? Here's the ipv4 info from netstat.
> > [...]
>
> You have a network behind a network. The router that is connected to the internet only knows about the networks that it is directly attached to. You would need to tell the external router about the innermost network through a static route.

From 10.1.11.100 I am not able to ping 10.1.3.1.
Re: Problem routing 10.x.x.x networks through a firewall
On 1/30/07, John Brahy [EMAIL PROTECTED] wrote:
> On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:
> > John Brahy wrote:
> > > [...]
> > > I have net.ip.forwarding=1 and my pf.conf is completely empty right now. From the 10.1.1.100 client, I can't ping the internet from 10.1.11.100, but I can from my firewall. Is there anything special I have to do to route private networks?
> > > [...]
> >
> > You have a network behind a network. The router that is connected to the internet only knows about the networks that it is directly attached to. You would need to tell the external router about the innermost network through a static route.
>
> From 10.1.11.100 I am not able to ping 10.1.3.1.

OK, thank you very much. I put static routes into my router and now it's dialed in. Thanks!
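The "network behind a network" explanation in Will's reply and the static-route fix John reports, played out hop by hop as an added example (Python; this is not code from the thread or from any of its posters). The firewall's routing table is taken from the netstat output in the original post. Everything else is assumed for the simulation: the two routers carry only their connected networks plus a default route, the T1 router already has a route for 10.1.3/24 via 10.1.2.2 (it must, since pinging from the firewall works), and the firewall's inside addresses are 10.1.11.1 and 10.1.15.1 (the netstat shows 10.1.11/24 on em2 and 10.1.15/24 on em1; the diagram labels the inside interface 10.1.1.1). The sentinel gateway name "T1" and the node names are this example's own.

```python
import ipaddress

UPSTREAM = "T1"  # sentinel gateway: the packet leaves the site over the T1 link (assumed name)


class Node:
    """A host or router with interface addresses and a routing table."""

    def __init__(self, name, addrs, routes):
        self.name = name
        self.addrs = set(addrs)
        self.routes = []
        for prefix, gw in routes:
            self.add_route(prefix, gw)

    def add_route(self, prefix, gw):
        # gw None means the prefix is directly connected (like 'link#N' in netstat)
        self.routes.append((ipaddress.ip_network(prefix), gw))

    def lookup(self, dst):
        """Longest-prefix match, as the kernel's forwarding lookup does."""
        dst = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst in r[0]]
        if not matches:
            return None
        return max(matches, key=lambda r: r[0].prefixlen)


def owner(nodes, ip):
    """The node holding address ip on one of its interfaces, or None."""
    return next((n for n in nodes if ip in n.addrs), None)


def forward(nodes, start, dst, ttl=16):
    """Forward one packet for dst from node start; returns (outcome, path of node names)."""
    node, path = start, [start.name]
    for _ in range(ttl):
        if dst in node.addrs:
            return "delivered", path
        route = node.lookup(dst)
        if route is None:
            return "no route at " + node.name, path
        net, gw = route
        if gw is None:                      # directly connected: deliver on-link
            nxt = owner(nodes, dst)
            if nxt is None:
                return "no such host on %s" % net, path
        elif gw == UPSTREAM:                # a private destination is leaving the site
            return "left the site via the T1", path
        else:
            nxt = owner(nodes, gw)
            if nxt is None:
                return "gateway %s unreachable from %s" % (gw, node.name), path
        node = nxt
        path.append(node.name)
    return "ttl exceeded", path


def ping(nodes, src, dst):
    """Echo request src->dst, then the reply dst->src; returns both outcomes."""
    request, _ = forward(nodes, owner(nodes, src), dst)
    if request != "delivered":
        return request, None
    reply, _ = forward(nodes, owner(nodes, dst), src)
    return request, reply


def build_site(static_routes=False):
    """The thread's topology. Only the firewall's table comes from the post; the rest is assumed."""
    t1 = Node("t1-router", ["10.1.2.1"],
              [("10.1.2.0/24", None), ("10.1.3.0/24", "10.1.2.2"), ("0.0.0.0/0", UPSTREAM)])
    router = Node("router", ["10.1.2.2", "10.1.3.1"],
                  [("10.1.2.0/24", None), ("10.1.3.0/24", None), ("0.0.0.0/0", "10.1.2.1")])
    # Firewall per the posted netstat -rn: em0 10.1.3/24, em1 10.1.15/24, em2 10.1.11/24,
    # default via 10.1.3.1. Its inside addresses 10.1.15.1 / 10.1.11.1 are assumed.
    fw = Node("firewall", ["10.1.3.2", "10.1.15.1", "10.1.11.1"],
              [("10.1.3.0/24", None), ("10.1.15.0/24", None), ("10.1.11.0/24", None),
               ("0.0.0.0/0", "10.1.3.1")])
    client = Node("client", ["10.1.11.100"], [("10.1.11.0/24", None), ("0.0.0.0/0", "10.1.11.1")])
    dmz = Node("dmz-host", ["10.1.15.10"], [("10.1.15.0/24", None), ("0.0.0.0/0", "10.1.15.1")])
    if static_routes:
        # The fix from the thread: each router upstream of the firewall gets a static
        # route for the inside networks pointing at the next hop toward the firewall.
        for net in ("10.1.11.0/24", "10.1.15.0/24"):
            router.add_route(net, "10.1.3.2")   # 'route add -net 10.1.11.0/24 10.1.3.2' on the router
            t1.add_route(net, "10.1.2.2")
    return [t1, router, fw, client, dmz]


if __name__ == "__main__":
    for fixed in (False, True):
        site = build_site(fixed)
        print("static routes:", fixed,
              "| client -> 10.1.3.1:", ping(site, "10.1.11.100", "10.1.3.1"),
              "| firewall -> 10.1.2.1:", ping(site, "10.1.3.2", "10.1.2.1"))
```

Without the static routes the echo request from 10.1.11.100 does reach 10.1.3.1 (the firewall has a connected route for 10.1.3/24), but the reply is the problem: the router has no entry for 10.1.11/24, so it follows its default route to the T1 router, which in turn sends the private-addressed reply out over the T1. That is exactly the symptom in John's second message, and it is also why the firewall itself can ping: its own 10.1.3/24 address is known upstream. Note that the routes are needed on every router between the inside networks and wherever return traffic originates, not just the one adjacent to the firewall, which matches John adding "static routes" in the plural.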