need help pls asap

Clifton Royston cliftonr at tikitechnologies.com
Sat Apr 23 11:29:18 PDT 2005


On Sat, Apr 23, 2005 at 06:12:39AM -0700, angelito munez wrote:
> hi guys.. ok.. this is actually the problem.. the isp give us a
> public ip.. then it was assigned to the ADSL router.. then at the
> router, DHCP is enabled... so this means that my FreeBSD box is
> inside a private network with ip 172.16.16.2.. router has the private
> ip 172.16.16.1.. the router itself is doing a NAT because it has a
> real ip of 62.215.85.228... now what i want to do is to make another
> private network with the freebsd as their gateway so that i can make
> some rules for this network.. and this should also act as their
> firewall.. now i have already configured the 2 network interfaces
> which is vr1 (172.16.16.2 -> for the router's network) and vr0
> (192.168.0.1 -> for another private network)... 
...
> the problem is i
> have one host in my private network having an ip of 192.168.0.2 and i
> can't ping this host.. what is the problem? i don't have any firewall
> rules to
...
> Routing tables
> Internet:
> Destination        Gateway            Flags    Refs      Use  Netif Expire
> default            172.16.16.1        UGSc        1       90    vr1
> 127.0.0.1          127.0.0.1          UH          0       49    lo0
> 172.16.16/24       link#2             UC          2        0    vr1
> 172.16.16.1        00:0f:3d:87:9c:51  UHLW        1       12    vr1   1200
> 172.16.16.4        00:0b:db:95:89:a0  UHLW        1     1912    vr1   1081
> 192.168.0          link#1             UC          2        0    vr0
> 192.168.0.1        00:11:95:90:c6:b6  UHLW        0       18    lo0
> 192.168.0.2        00:11:5b:2b:24:20  UHLW        0        0    vr0   1188
> can you help me with this problem?

Looks to me like you have the "DMZ" network (172.16.16.0/24) configured
correctly on this machine, but the extra-private network (192.168.0/24)
is misconfigured on this machine.

To start with, you need to get it to where you can ping each machine
from this one, so you're going in the right direction. 

Try using ifconfig to delete the current config for 192.168.0, then
simply ifconfig 192.168.0.1 onto vr0; that should get you to where you
can talk onto both networks from this machine.  

Once that's working, then you can try adding NAT to route from the
extra-private network onto the DMZ; when you get that working, it
should work end-to-end. (Except for protocols like FTP which require
NAT proxies; that may get complicated what with needing to go through
2 in succession.)

  -- Clifton

-- 
          Clifton Royston  --  cliftonr at tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
"I'm gonna tell my son to grow up pretty as the grass is green
And whip-smart as the English Channel's wide..."
                                            -- 'Whip-Smart', Liz Phair
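
An added example, not part of the message above: one way to configure the NAT step it describes, using the interface names and addresses from the quoted post. The thread names no NAT tool, so the use of pf, the rc.conf lines and the default-deny ruleset are all assumptions made for illustration.

```conf
# ---- /etc/rc.conf (fragment, assumed) ----
# vr1 (172.16.16.2, facing the ADSL router) is left as already configured.
# ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0"
# gateway_enable="YES"        # turns on IP forwarding between vr0 and vr1
# pf_enable="YES"
# pf_rules="/etc/pf.conf"

# ---- /etc/pf.conf ----
ext_if  = "vr1"               # "DMZ" side, 172.16.16.0/24
int_if  = "vr0"               # extra-private side, 192.168.0.1
int_net = "192.168.0.0/24"

set skip on lo0               # never filter loopback traffic
scrub in all                  # normalize incoming packets

# Translation: hosts on the extra-private network leave vr1 with this
# box's own vr1 address. The ADSL router then applies its own NAT,
# giving the two translations in succession mentioned in the reply.
nat on $ext_if inet from $int_net to any -> ($ext_if)

# Filtering: default deny, then open only what the gateway role needs.
block all

# This box may reach hosts on the private network, so the first check
# in the reply (ping 192.168.0.2 from the gateway) keeps working.
pass out on $int_if inet from ($int_if) to $int_net keep state

# Private hosts may reach the gateway and go out through it.
pass in on $int_if inet from $int_net to any keep state

# Outbound on the DMZ side; NAT has already rewritten the source here.
pass out on $ext_if inet all keep state

# Nothing is passed inbound on vr1 except replies matched by state, so
# hosts on 172.16.16.0/24 cannot open connections into 192.168.0.0/24.
# FTP is not handled by these rules; it needs a proxy, as the reply notes.
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -sn` lists the translation rules once it is loaded.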


More information about the freebsd-questions mailing list