Routing problem on 3 homed host

2005-01-17 Thread Tim Preece
Hi, 

I am really having problems with this, any help appreciated.

Amended repost of ipnat port forwarding problem

The configuration:

Router:
This is a dedicated ADSL router with integrated firewall and nat
The firewall cannot be configured other than turning ports
on and off for traffic from the internet and routing traffic
to specific hosts. All traffic is sent to the firewall.
Firewall:
This firewall is an i386 arch FreeBSD 5.3 build currently running
ipf and ipnat and sits on the three networks 192.168.0.0/24,
192.168.1.0/24 and 192.168.2.0/24 (This may be wrong, I am unsure
of CIDR - please advise if it is).
rc.conf:
gateway_enable=YES
ipf_enable=YES
ipnat_enable=YES
No nameserver setup all info in hosts files except for 192.168.0.1
for traffic to and from the internet.
resolv.conf:
domain somenet.com
nameserver 192.168.0.2
nameserver 192.168.0.1
ipnat.rules:
map dc0 192.168.2.0/24 -> 192.168.0.2/32 portmap tcp/udp 1:2
map dc0 192.168.2.0/24 -> 192.168.0.2/32
map dc0 192.168.1.0/24 -> 192.168.0.2/32 portmap tcp/udp 20001:4
map dc0 192.168.1.0/24 -> 192.168.0.2/32
ipf.rules: - wide open until I can get this working
pass out quick all
pass in quick all

The setup: (simplified)

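                                  ----------
                                  |Internet|
                                  ----------
                                      |
  IP: 192.168.0.10                    | IP: x.x.x.x
  ----------                      ----------
  | Laptop |----------------------| Router |
  ----------                      ----------
                                      | IP: 192.168.0.1
                                      |
                                      | IP: 192.168.0.2 IF: dc0
                                --------------
                                |  Firewall  |
                                --------------
       IP: 192.168.1.2 IF: dc1   |          |   IP 192.168.2.2 IF: rl0
                                 |          |
              IP: 192.168.1.10   |          |
                        ------------      -----
                        | DMZ Host |      |   | Switch
                        ------------      |   |
                                          -----
                                            |
                                            |
                                      ------------
                                      | Pri Host |
                                      ------------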

The problem:
The firewall can ping the router, dmz host and private host
and can retrieve html pages from the internet.
The laptop can ping the firewall
The dmz host can ping the firewall
The private host can ping the firewall
The dmz host and private host cannot ping the router or
retrieve pages from the internet. (No route to host)

Is there something else that I need to set up or do to enable routing
the packets between the 3 networks?

Any help greatly appreciated.

-
Tim Preece.







___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Routing problem on 3 homed host

2005-01-17 Thread Gelsema, Patrick
You should add on your router the following routes

192.168.1.0/24
192.168.2.0/24
with gateway 192.168.0.2 (interface firewall)

Your router doesn't know where to return the packets to.

And your firewall needs to route 0.0.0.0 to 192.168.0.1 (router interface)

Your CIDR is good.

These changes should make it work.

Use tracert or traceroute to see at which hop it goes wrong.

Regards

Patrick
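
Added example, not part of either post: a small longest-prefix-match model of the three routing tables in this thread, showing where a packet from the DMZ host stops before and after the routes suggested in the reply are added. Assumptions not stated on the page: the DMZ host uses 192.168.1.2 as its default gateway, the router's own default route points at the ISP (labelled "isp"), the ipnat map rules are left out of the model, and 203.0.113.5 is a constructed Internet address.

```python
import ipaddress

# Which node owns each address on the page (the "Pri Host" has no address given, so it is omitted).
OWNER = {"192.168.1.10": "dmz", "192.168.0.1": "router",
         "192.168.0.2": "firewall", "192.168.1.2": "firewall", "192.168.2.2": "firewall"}

def build(fixed):
    """Routing tables as {node: [(prefix, next_hop)]}; next_hop None = directly connected."""
    t = {
        "dmz":      [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.2")],  # assumed gateway
        "firewall": [("192.168.0.0/24", None), ("192.168.1.0/24", None), ("192.168.2.0/24", None)],
        "router":   [("192.168.0.0/24", None), ("0.0.0.0/0", "isp")],          # assumed ISP default
    }
    if fixed:  # the routes suggested in the reply
        t["firewall"].append(("0.0.0.0/0", "192.168.0.1"))
        t["router"] += [("192.168.1.0/24", "192.168.0.2"), ("192.168.2.0/24", "192.168.0.2")]
    return t

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(tables, src, dst, max_hops=8):
    """Follow a packet hop by hop; returns (list of nodes visited, outcome)."""
    node, path = OWNER[src], []
    for _ in range(max_hops):
        path.append(node)
        if OWNER.get(dst) == node:
            return path, "delivered"
        hit = lookup(tables[node], dst)
        if hit is None:
            return path, "no route"            # the symptom reported in the question
        next_hop = hit[1] if hit[1] is not None else dst
        if next_hop == "isp":
            return path + ["isp"], "left via ISP"
        if next_hop not in OWNER:
            return path, "host unreachable"
        node = OWNER[next_hop]
    return path, "loop"

if __name__ == "__main__":
    for fixed in (False, True):
        tables = build(fixed)
        print("fixed" if fixed else "before",
              trace(tables, "192.168.1.10", "203.0.113.5"),  # DMZ host to Internet
              trace(tables, "192.168.0.1", "192.168.1.10"))  # router's reply to DMZ host
```
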
