Routing between different networks

Hi Experts,
I'm trying to set up a FreeBSD computer as router/gateway/firewall between four different networks. The topology looks like this:
Code:
            Internet
                |
         DSL-Modem/Router
                |
         192.168.177.0/24
                |
    +-----FreeBSD router-----+
    |           |            |
.178.0/24   .179.0/24   .180.0/24
The FreeBSD computer has 4 network interfaces, each of them manually configured respectively to .177.155 (vr0), .178.1 (rl0), .179.1 (rl1) and .180.1 (rl2), the IP address of the DSL-modem is .177.1.

I'm using IPFW and natd on the FreeBSD machine to control network traffic, at least that's the plan. Everything works fine for getting from any of the networks behind the FreeBSD router to the .177.0 network or even to the internet.

But I keep running into problems when it comes to getting a connection between the .178.0, .179.0 and .180.0 networks. For example, from a computer in .178.0 (IP .178.20), I can ping any computer in the .177.0 network and every NIC on the FreeBSD router, but not a computer in .179.0 (IP .179.22), and vice versa.

I tried different settings for loader.conf and rc.conf. I ended up with
loader.conf:
Code:
ipfw_load="YES"
ipdivert_load="YES"
rc.conf:
Code:
[...]
gateway_enable="YES"
routed_enable="YES"
natd_enable="YES"
natd_interface="vr0"
natd_flags="-dynamic -m"
firewall_enable="YES"
firewall_type="open"
[...]
Can anybody tell me what I am missing?

David
 
#1 You don't need NAT on FreeBSD since the DSL router needs to do it. Rather make sure the DSL router can reach all networks behind FreeBSD.
#2
Code:
gateway_enable="YES"
routed_enable="YES"       # Don't need, this is RIP
natd_enable="YES"         # Don't need, see #1
natd_interface="vr0"      # Don't need
natd_flags="-dynamic -m"  # Don't need
firewall_enable="YES"
firewall_type="open"
Note: if your DSL router can't be set to reach the network behind FreeBSD, then you need NAT on FreeBSD.

#3 Since you say ping works across interfaces, it means that FreeBSD is routing. I don't use IPFW, but it looks like there could be an issue there.
And an obvious question: do the other hosts allow being pinged at all, and do they know how to reach the other networks?

You also should consider running the DHCP service on FreeBSD.
 
Does it work if you turn off firewalling and NAT (as above, NAT not required - a totally open firewall should work for testing connectivity)?

The only line you should need to get routing to work (in /etc/rc.conf - no loader.conf changes required), is

Code:
gateway_enable="YES"

If that works, your problem is somewhere in your firewall ruleset (assuming all your networks below the FreeBSD machine use its local network interface's IP (to them) as their gateway, i.e., x.y.z.1).

Your FreeBSD router should have a default route pointing to the DSL router, the DSL router should be doing NAT, and all the other routing on the FreeBSD machine should be implicitly defined by the IP/subnet mask on each NIC. No need for a route daemon and no need to define any additional static routes.

edit:
As above, consider running DHCP on the FreeBSD box, but until you get routing working with statics it's additional complexity...
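To make the advice above concrete, here is an added example of a complete /etc/rc.conf fragment for the router described in the question; it is not from the original thread. It assumes the addresses given in the question (.177.155 on vr0, .178.1 on rl0, .179.1 on rl1, .180.1 on rl2, DSL router at .177.1), uses only standard rc.conf keys, and leaves routed and natd out because the DSL router does the NAT and the connected subnets already give FreeBSD every route it needs.

```sh
# /etc/rc.conf fragment for a four-legged FreeBSD router (added example,
# addresses taken from the question; adjust to your own interfaces).

hostname="gw.example.internal"            # assumed hostname

# Upstream leg towards the DSL router (192.168.177.1).
ifconfig_vr0="inet 192.168.177.155 netmask 255.255.255.0"

# Three internal legs; each host on these LANs uses the .1 address as gateway.
ifconfig_rl0="inet 192.168.178.1 netmask 255.255.255.0"
ifconfig_rl1="inet 192.168.179.1 netmask 255.255.255.0"
ifconfig_rl2="inet 192.168.180.1 netmask 255.255.255.0"

# Single default route: everything not on a directly connected subnet goes
# to the DSL router, which performs NAT towards the internet.
defaultrouter="192.168.177.1"

# Turn on IP forwarding between the interfaces (sets net.inet.ip.forwarding=1).
# Routes for .177/.178/.179/.180 exist implicitly from the NIC subnet masks,
# so no routed (RIP) and no static routes are required.
gateway_enable="YES"

# Deliberately NOT set (from the original post): they are unnecessary here.
# routed_enable="YES"
# natd_enable="YES"
# natd_interface="vr0"
# natd_flags="-dynamic -m"

# Firewall: keep the ruleset fully open while verifying connectivity, then
# replace "open" with your own ruleset file once routing is confirmed.
firewall_enable="YES"
firewall_type="open"
```

Note that ipfw_load in loader.conf is not needed either: firewall_enable="YES" loads the ipfw module on demand, and ipdivert is only required when natd is in use.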
 
Thanks for answering, and sorry for bothering you.
I finally found out why things didn't work: The firewalls on the different clients blocked out all icmp packets that didn't come from the local network.

David
 