need help pls asap

2005-04-23 Thread angelito munez
hi guys..
ok.. this is actually the problem.. the isp give us a public ip.. then it was 
assigned to the ADSL router.. then at the router, DHCP is enabled... so this 
means that my freebsd box is inside a private network with ip 172.16.16.2.. 
router has the private ip 172.16.16.1.. the router itself is doing a NAT 
because it has a real ip of 62.215.85.228... now what i want to do is to make 
another private network with the freebsd as their gateway so that i can make 
some rules for this network.. and this should also act as their firewall.. now 
i have already configured the 2 network interfaces which is vr1 (172.16.16.2 - 
for the router's network) and vr0 (192.168.0.1 - for another private 
network)... now i can ping outside addresses such as yahoo via vr1.. i can also 
ping 172.16.16.1(my freebsd's gateway) and 192.168.0.1.. the problem is i have 
one host in my private network having an ip of 192.168.0.2 and i can't ping 
this host.. what is the problem? i dont have any firewall rules to block
any network.. i even add ipfw 1 add allow ip from any to any... iv been 
thinking that it is a route problem but i dont know how to set the proper route 
because my box is in between 2 private networks.. these are my route..
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            172.16.16.1        UGSc        1       90    vr1
127.0.0.1          127.0.0.1          UH          0       49    lo0
172.16.16/24       link#2             UC          2        0    vr1
172.16.16.1        00:0f:3d:87:9c:51  UHLW        1       12    vr1   1200
172.16.16.4        00:0b:db:95:89:a0  UHLW        1     1912    vr1   1081
192.168.0          link#1             UC          2        0    vr0
192.168.0.1        00:11:95:90:c6:b6  UHLW        0       18    lo0
192.168.0.2        00:11:5b:2b:24:20  UHLW        0        0    vr0   1188

can you help me with this problem?
thanks for giving your time in reading this ill be waiting for your 
response..


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: need help pls asap

2005-04-23 Thread Ash
angelito munez wrote:
> hi guys..
> ok.. this is actually the problem.. the isp give us a public ip.. then it was 
> assigned to the ADSL router.. then at the router, DHCP is enabled... so this means 
> that my freebsd box is inside a private network with ip 172.16.16.2.. router has the 
> private ip 172.16.16.1.. the router itself is doing a NAT because it has a real ip of 
> 62.215.85.228... now what i want to do is to make another private network with the 
> freebsd as their gateway so that i can make some rules for this network.. and this 
> should also act as their firewall.. now i have already configured the 2 network 
> interfaces which is vr1 (172.16.16.2 - for the router's network) and vr0 
> (192.168.0.1 - for another private network)... now i can ping outside addresses 
> such as yahoo via vr1.. i can also ping 172.16.16.1(my freebsd's gateway) and 
> 192.168.0.1.. the problem is i have one host in my private network having an ip of 
> 192.168.0.2 and i can't ping this host.. what is the problem? i dont have any 
> firewall rules to block
> any network.. i even add ipfw 1 add allow ip from any to any... iv been 
> thinking that it is a route problem but i dont know how to set the proper route because 
> my box is in between 2 private networks.. these are my route..
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            172.16.16.1        UGSc        1       90    vr1
> 127.0.0.1          127.0.0.1          UH          0       49    lo0
> 172.16.16/24       link#2             UC          2        0    vr1
> 172.16.16.1        00:0f:3d:87:9c:51  UHLW        1       12    vr1   1200
> 172.16.16.4        00:0b:db:95:89:a0  UHLW        1     1912    vr1   1081
> 192.168.0          link#1             UC          2        0    vr0
> 192.168.0.1        00:11:95:90:c6:b6  UHLW        0       18    lo0
> 192.168.0.2        00:11:5b:2b:24:20  UHLW        0        0    vr0   1188

Please have your mail client wrap your e-mail to this list at 72 characters.
Your routing table doesn't look right. Did you copy/paste or transcribe it?
You have assigned 192.168.0.1 to your lo0 (loopback, see the manpage for 
lo(4)) interface. However your route for the 192.168.0 says its directly 
connected on vr0.

What does ifconfig output for lo0 vr1 and vr2 show?
The reason you can ping 192.168.0.1, is because it is your own 
interface. It doesn't indicate that the network (e.g. cables, switch 
hub, etc...) between that interface and the rest of 192.168.0 are set up 
properly or that 192.168.0.2 is configured properly.

> can you help me with this problem?
> thanks for giving your time in reading this ill be waiting for your 
> response..

I'm curious why you are setting things up in the way that you are. Is 
this just a learning experience, or is there any particular reason that 
you do not want to put all your internal hosts on the same physical 
subnet and let your ADSL router handle NATing for you?

Also, just out of curiosity is this a VIA Mini-ITX based system?
Again, please wrap your e-mail at 72 characters, if you want to increase your 
chances of having someone answer your questions.

-Ash


Re: need help pls asap

2005-04-23 Thread Clifton Royston
On Sat, Apr 23, 2005 at 06:12:39AM -0700, angelito munez wrote:
> hi guys.. ok.. this is actually the problem.. the isp give us a
> public ip.. then it was assigned to the ADSL router.. then at the
> router, DHCP is enabled... so this means that my freebsd box is
> inside a private network with ip 172.16.16.2.. router has the private
> ip 172.16.16.1.. the router itself is doing a NAT because it has a
> real ip of 62.215.85.228... now what i want to do is to make another
> private network with the freebsd as their gateway so that i can make
> some rules for this network.. and this should also act as their
> firewall.. now i have already configured the 2 network interfaces
> which is vr1 (172.16.16.2 - for the router's network) and vr0
> (192.168.0.1 - for another private network)... 
...
> the problem is i
> have one host in my private network having an ip of 192.168.0.2 and i
> can't ping this host.. what is the problem? i dont have any firewall
> rules to
...
> Routing tables
>
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            172.16.16.1        UGSc        1       90    vr1
> 127.0.0.1          127.0.0.1          UH          0       49    lo0
> 172.16.16/24       link#2             UC          2        0    vr1
> 172.16.16.1        00:0f:3d:87:9c:51  UHLW        1       12    vr1   1200
> 172.16.16.4        00:0b:db:95:89:a0  UHLW        1     1912    vr1   1081
> 192.168.0          link#1             UC          2        0    vr0
> 192.168.0.1        00:11:95:90:c6:b6  UHLW        0       18    lo0
> 192.168.0.2        00:11:5b:2b:24:20  UHLW        0        0    vr0   1188
> can you help me with this problem?

Looks to me like you have the DMZ network (172.16.16.0/24) configured
correctly on this machine, but the extra-private network (192.168.0/24)
is misconfigured on this machine.

To start with, you need to get it to where you can ping each machine
from this one, so you're going in the right direction. 

Try using ifconfig to delete the current config for 192.168.0, then
simply ifconfig 192.168.0.1 onto vr0; that should get you to where you
can talk onto both networks from this machine.  

Once that's working, then you can try adding NAT to route from the
extra-private network onto the DMZ; when you get that working, it
should work end-to-end. (Except for protocols like FTP which require
NAT proxies; that may get complicated what with needing to go through
2 in succession.)

  -- Clifton

-- 
  Clifton Royston  --  [EMAIL PROTECTED] 
 Tiki Technologies Lead Programmer/Software Architect
I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide...
-- 'Whip-Smart', Liz Phair
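
The two stages described in the reply above (fix the vr0 address first, add NAT only once the inside host answers), written out as an added example that is not part of the thread. The /24 netmask, the choice of natd with an ipfw divert rule, and rule number 50 are assumptions; the interface names and addresses are the ones given in the first message.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed: /24 netmask, natd plus an
# ipfw divert rule as the NAT mechanism, rule number 50.
INSIDE_IF=vr0          # extra-private network, 192.168.0/24
INSIDE_IP=192.168.0.1
INSIDE_HOST=192.168.0.2
OUTSIDE_IF=vr1         # DMZ side, 172.16.16.2, default route via 172.16.16.1
MASK=255.255.255.0

# Print the commands in the order the reply gives them, one per line.
gateway_plan() {
    # Stage 1: drop the current 192.168.0.1 config, then put it on vr0.
    # "|| true" because the address may not be on this interface now.
    echo "ifconfig $INSIDE_IF inet $INSIDE_IP -alias || true"
    echo "ifconfig $INSIDE_IF inet $INSIDE_IP netmask $MASK up"
    # Gate: do not go on to NAT until the inside host answers.
    echo "ping -c 3 $INSIDE_HOST"
    # Stage 2: forward packets and NAT the inside network onto the DMZ.
    echo "sysctl net.inet.ip.forwarding=1"
    echo "natd -interface $OUTSIDE_IF"
    # ipfw is first-match: this rule must sit before any allow-all rule.
    echo "ipfw add 50 divert natd ip from any to any via $OUTSIDE_IF"
}

# Run the plan, stopping at the first command that fails.
apply_plan() {
    gateway_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd" || exit 1
    done
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = "apply" ]; then
    apply_plan
fi
```

If an allow-all rule is numbered below 50 (the first message mentions one added as rule 1), it matches first and the divert rule is never reached.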