John Brahy wrote:
Hello,
I am having a problem routing IP traffic on my network. My firewall
has three interfaces.
      |
+-----+------+
|  P2P - t1  |
|   router   |
|  10.1.2.1  |
+-----+------+
      |
+-----+------+
|  10.1.2.2  |
|   router   |
|  10.1.3.1  |
+-----+------+
      |
+-----+------+ +-----------+
|  10.1.3.2  | | DMZ host  |
|  firewall  +-+ 10.1.15.10|
|  10.1.1.1  | +-----------+
+-----+------+
      |
+-----+------+
| 10.1.11.100|
+------------+
I have net.ip.forwarding=1 and my pf.conf is completely empty right
now. From the 10.1.1.100 client, I can't ping the internet from
10.1.11.100, but I can from my firewall. Is there anything special I
have to do to route private networks? Here's the ipv4 info from
netstat.
Routing tables

Internet:
Destination   Gateway            Flags  Refs   Use    Mtu  Interface
default       10.1.3.1           UGS       0     3      -  em0
10.1.3/24     link#1             UC        1     0      -  em0
10.1.3.1      00:b0:a2:89:13:45  UHLc      1  1469      -  em0
10.1.11/24    link#3             UC        0     0      -  em2
10.1.15/24    link#2             UC        0     0      -  em1
127/8         127.0.0.1          UGRS      0     0  33192  lo0
127.0.0.1     127.0.0.1          UH        1     0  33192  lo0
224/4         127.0.0.1          URS       0     0  33192  lo0
Any help would be greatly appreciated.
Thanks!
John
You have a network behind a network.
The router that is connected to the internet only knows about the
networks that it is directly attached to.
You would need to tell the external router about the innermost network
through a static route.
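
The return-path problem described in the reply, as an added example that is not part of the original thread: a longest-prefix-match trace over the topology in the diagram. The firewall table is taken from the posted netstat output; both router tables, the device names `outer` and `inner`, and the `upstream` marker are assumptions, since the thread does not show the routers' configuration.

```python
import copy
import ipaddress

# Which device owns each next-hop address in the poster's diagram.
OWNER = {"10.1.2.1": "outer", "10.1.2.2": "inner",
         "10.1.3.1": "inner", "10.1.3.2": "firewall"}

# Firewall entries come from the netstat output in the post. Both router
# tables are assumptions: the thread does not show them.
TABLES = {
    "firewall": {"0.0.0.0/0": "10.1.3.1", "10.1.3.0/24": "direct",
                 "10.1.11.0/24": "direct", "10.1.15.0/24": "direct"},
    "inner": {"0.0.0.0/0": "10.1.2.1", "10.1.2.0/24": "direct",
              "10.1.3.0/24": "direct"},
    "outer": {"0.0.0.0/0": "upstream", "10.1.2.0/24": "direct",
              "10.1.3.0/24": "10.1.2.2"},
}

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [n for n in map(ipaddress.ip_network, table) if addr in n]
    if not hits:
        return None
    return table[str(max(hits, key=lambda n: n.prefixlen))]

def trace(tables, start, dst, max_hops=8):
    """Follow dst hop by hop from start; returns (path, outcome)."""
    node, path = start, [start]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:
            return path, "no route"
        if hop in ("direct", "upstream"):
            return path, hop  # delivered on-link, or sent out the T1
        node = OWNER[hop]
        path.append(node)
    return path, "loop"

def add_static_routes(tables, devices, prefix="10.1.11.0/24"):
    """Copy of tables with a route for prefix pointing toward the firewall."""
    via = {"outer": "10.1.2.2", "inner": "10.1.3.2"}
    fixed = copy.deepcopy(tables)
    for dev in devices:
        fixed[dev][prefix] = via[dev]
    return fixed

if __name__ == "__main__":
    for devs in ([], ["outer"], ["outer", "inner"]):
        print(devs, trace(add_static_routes(TABLES, devs), "outer", "10.1.11.100"))
```

With no static routes the reply to 10.1.11.100 follows the outer router's default route back out the T1; with a route on only the outer router it loops between the two routers, so every router on the return path needs the route.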