Re: Firewall/DMZ routing
> 08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145

It looks to me as if your ISP does not know you've subnetted your subnet. If it knew, it should never try to do an ARP for the subnet A.B.C.152/29 but route the ICMP to A.B.C.146, and that's it. So the router of your ISP genuinely believes that A.B.C.154 belongs to its Ethernet-reachable network (which it is not, as you have the FW in between).

Olivier

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
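Olivier's diagnosis (the ISP router still sees the whole /28 as directly attached, so it ARPs for DMZ addresses instead of forwarding to the firewall) can be checked mechanically. The following is an added example, not code from anyone in the thread; it uses the 203.0.113.0/24 documentation range as a constructed stand-in for the thread's A.B.C.x addresses, and the tcpdump lines it scans are constructed to match the one Mark posted.

```python
import ipaddress
import re

# Constructed stand-ins for the thread's A.B.C.x addresses.
ISP_PREFIX = ipaddress.ip_network("203.0.113.144/28")   # what the ISP router thinks is on-link
FIREWALL_PUBLIC = ipaddress.ip_address("203.0.113.146")  # next hop the ISP should use for the DMZ
DMZ_PREFIX = ipaddress.ip_network("203.0.113.152/29")    # carved out behind the firewall

ARP_WHO_HAS = re.compile(r"arp who-has (\S+) tell (\S+)")


def isp_router_action(target, isp_prefix=ISP_PREFIX, dmz_prefix=DMZ_PREFIX):
    """Predict what an upstream router with only the /28 in its table does
    with a packet for `target`: anything inside the /28 is resolved by ARP,
    even the /29 that actually lives behind the firewall."""
    target = ipaddress.ip_address(target)
    if target not in isp_prefix:
        return "route-via-default"      # not its business, forwards upstream
    if target in dmz_prefix:
        return "arp-misdirected"        # ARPs on the wire; no host there answers
    return "arp-on-link"                # genuinely on the shared Ethernet


def stray_arp_target(tcpdump_line, dmz_prefix=DMZ_PREFIX):
    """Return the DMZ address an ARP request on the public interface asks for,
    or None if the line is not an ARP request for a DMZ address. Seeing such
    requests while the DMZ is unreachable is the symptom in the thread."""
    m = ARP_WHO_HAS.search(tcpdump_line)
    if not m:
        return None
    asked = ipaddress.ip_address(m.group(1))
    return asked if asked in dmz_prefix else None


def stray_arp_targets(tcpdump_lines, dmz_prefix=DMZ_PREFIX):
    """Scan a capture and collect every DMZ address the upstream ARPs for."""
    found = {stray_arp_target(line, dmz_prefix) for line in tcpdump_lines}
    return sorted(str(a) for a in found if a is not None)


def needed_upstream_route(dmz_prefix=DMZ_PREFIX, next_hop=FIREWALL_PUBLIC):
    """The entry the ISP side is missing: forward the DMZ /29 to the firewall's
    public address instead of treating it as on-link."""
    return (str(dmz_prefix), str(next_hop))


# Constructed capture in the same format as the line quoted above.
SAMPLE_CAPTURE = [
    "08:33:08.160246 arp who-has 203.0.113.154 tell 203.0.113.145",
    "08:33:09.001122 arp who-has 203.0.113.146 tell 203.0.113.145",
    "08:33:10.002233 IP 198.51.100.7 > 203.0.113.146: ICMP echo request",
]
```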
Firewall/DMZ routing
[Please cc me directly with any replies. Thanks]

I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing. The setup:

    ISP router [A.B.C.144/28, using A.B.C.145]
      |
    FIREWALL PUBLIC [A.B.C.146/29]
    FIREWALL DMZ IFACE [A.B.C.153/29]
      |
    DMZ TEST HOST [A.B.C.154/29]

I can ping all IPs from the firewall, the firewall from the test DMZ host, and the public firewall IP from the world, but not the firewall DMZ interface or the DMZ test host. All interfaces are up. The firewall is set up as a gateway.

If I do a tcpdump on the public interface while pinging the test host from the world I see:

    08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145

netstat -rn says:

    Internet:
    Destination        Gateway            Flags    Refs    Use  Netif Expire
    default            A.B.C.145          UGSc       60    879    em0
    127.0.0.1          127.0.0.1          UH          1    372    lo0
    A.B.C.144/29       link#1             UC          3      0    em0
    A.B.C.145          00:02:17:61:75:85  UHLW        1      0    em0   1200
    A.B.C.146          00:0b:db:90:37:8b  UHLW        0      8    lo0
    A.B.C.152/29       link#3             UC          0      0    em2

I think I should have 2 /29 networks with the firewall routing them, right? Do I need to change the router config? Do I need to establish static routes?

Thanks for any pointers,

Mark Thomas
[EMAIL PROTECTED]
Re: Firewall/DMZ routing
Hi Mark,

> I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing.

Do you have forwarding enabled on the firewall? Check if:

    sysctl net.inet.ip.forwarding

shows:

    net.inet.ip.forwarding: 1

-volker
RE: Firewall/DMZ routing
-----Original Message-----
From: Volker Kindermann [mailto:[EMAIL PROTECTED]]

> > I'm setting up a multihomed firewall box. I have all interfaces up and running but have something going wrong with routing.
>
> Do you have forwarding enabled on the firewall? Check if:
>
>     sysctl net.inet.ip.forwarding
>
> shows:
>
>     net.inet.ip.forwarding: 1

Volker,

Yes, forwarding is enabled.

Mark Thomas
[EMAIL PROTECTED]