On 1/30/07, John Brahy <[EMAIL PROTECTED]> wrote:
On 1/30/07, Will H. Backman <[EMAIL PROTECTED]> wrote:
> John Brahy wrote:
> > Hello,
> >
> > I am having a problem routing IP traffic on my network. My firewall
> > has three interfaces.
> >
> >       |
> > +-----+------+
> > |  P2P - t1  |
> > |   router   |
> > |  10.1.2.1  |
> > +-----+------+
> >       |
> > +-----+------+
> > |  10.1.2.2  |
> > |   router   |
> > |  10.1.3.1  |
> > +-----+------+
> >       |
> > +-----+------+ +------------+
> > |  10.1.3.2  | |  DMZ host  |
> > |  firewall  +-+ 10.1.15.10 |
> > | 10.1.11.1  | +------------+
> > +-----+------+
> >       |
> > +-----+------+
> > | 10.1.11.100|
> > +------------+
> >
> > I have net.ip.forwarding=1 and my pf.conf is completely empty right
> > now. From the 10.1.1.100 client, I can't ping the internet from
> > 10.1.11.100, but I can from my firewall. Is there anything special I
> > have to do to route private networks? Here's the ipv4 info from
> > netstat.
> >
> > Routing tables
> >
> > Internet:
> > Destination   Gateway            Flags  Refs   Use    Mtu  Interface
> > default       10.1.3.1           UGS       0     3      -  em0
> > 10.1.3/24     link#1             UC        1     0      -  em0
> > 10.1.3.1      00:b0:a2:89:13:45  UHLc      1  1469      -  em0
> > 10.1.11/24    link#3             UC        0     0      -  em2
> > 10.1.15/24    link#2             UC        0     0      -  em1
> > 127/8         127.0.0.1          UGRS      0     0  33192  lo0
> > 127.0.0.1     127.0.0.1          UH        1     0  33192  lo0
> > 224/4         127.0.0.1          URS       0     0  33192  lo0
> >
> > Any help would be greatly appreciated.
> >
> > Thanks!
> >
> > John
> >
> You have a network behind a network.
> The router that is connected to the internet only knows about the
> networks that it is directly attached to.
> You would need to tell the external router about the innermost network
> through a static route.
>
From 10.1.11.100 I am not able to ping 10.1.3.1.
OK, thank you very much. I put static routes into my router and now
it's dialed in.
Thanks!
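
Added example (not part of the original thread, and not code from either poster): a small longest-prefix-match trace of the echo reply from the router at 10.1.3.1 back to 10.1.11.100, before and after the static routes. The firewall table comes from the netstat output above; the middle router's table (connected networks plus a default via 10.1.2.1) and the exact static routes are assumptions, since the thread does not show them.

```python
import ipaddress

# Firewall table: taken from the netstat output quoted in the thread.
FIREWALL = {"10.1.3.0/24": "em0 (connected)", "10.1.15.0/24": "em1 (connected)",
            "10.1.11.0/24": "em2 (connected)", "0.0.0.0/0": "via 10.1.3.1"}
# Middle router table: ASSUMED (connected networks plus a default upstream).
ROUTER = {"10.1.2.0/24": "connected", "10.1.3.0/24": "connected",
          "0.0.0.0/0": "via 10.1.2.1"}
# Static routes pointing the inner networks at the firewall: ASSUMED form.
STATIC = {"10.1.11.0/24": "via 10.1.3.2", "10.1.15.0/24": "via 10.1.3.2"}


def lookup(table, dst):
    """Longest-prefix match: return (prefix, next hop) chosen for dst."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return str(best), table[str(best)]


def trace_reply(router_table, client="10.1.11.100"):
    """Follow the echo reply from the router (10.1.3.1) back to the client."""
    prefix, hop = lookup(router_table, client)
    path = [f"router: {prefix} {hop}"]
    if hop != "via 10.1.3.2":
        # No specific route: the reply follows the default, away from the LAN.
        path.append("lost: forwarded away from the firewall")
        return path
    prefix, hop = lookup(FIREWALL, client)
    path.append(f"firewall: {prefix} {hop}")
    path.append("delivered")
    return path


if __name__ == "__main__":
    # The request itself leaves the firewall fine: 10.1.3.1 is on-link via em0.
    print("request:", lookup(FIREWALL, "10.1.3.1"))
    print("before :", trace_reply(ROUTER))
    print("after  :", trace_reply({**ROUTER, **STATIC}))
```

With no NAT on the firewall (pf.conf is empty), the reply is addressed to 10.1.11.100 itself, so every router on the return path needs a route for that network.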