Firewall/DMZ routing
Mark Thomas
mthomas at breakawayltd.com
Thu Jun 5 05:36:31 PDT 2003
[Please cc me directly with any replies. Thanks]
I'm setting up a multihomed firewall box. I have all interfaces up and
running but have something going wrong with routing. The setup:
ISP router [A.B.C.144/28, using A.B.C.145]
|
FIREWALL PUBLIC [A.B.C.146/29]
FIREWALL DMZ IFACE [A.B.C.153/29]
|
DMZ TEST HOST [A.B.C.154/29]
I can ping all IPs from the firewall, the firewall from the test DMZ host,
and the public firewall IP from the world, but not the firewall DMZ
interface or the DMZ test host. All interfaces are up. The firewall is set up
as a gateway.
If I do a tcpdump on the public interface while pinging the test host from
the world I see:
08:33:08.160246 arp who-has A.B.C.154 tell A.B.C.145
netstat -rn says:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default A.B.C.145 UGSc 60 879 em0
127.0.0.1 127.0.0.1 UH 1 372 lo0
A.B.C.144/29 link#1 UC 3 0 em0
A.B.C.145 00:02:17:61:75:85 UHLW 1 0 em0 1200
A.B.C.146 00:0b:db:90:37:8b UHLW 0 8 lo0
A.B.C.152/29 link#3 UC 0 0 em2
I think I should have 2 /29 networks with the firewall routing them, right?
Do I need to change the router config? Do I need to establish static routes?
Thanks for any pointers,
Mark Thomas
mthomas at breakwayltd.com
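An added diagnostic, not part of the post above or of FreeBSD: it parses the `netstat -rn` output quoted in the message, does the longest-prefix lookup the firewall kernel would do for the DMZ host, and then checks the same destination from the ISP router's point of view, whose interface (per the diagram) holds the whole A.B.C.144/28. A router that holds a prefix on an interface treats every address in it as directly connected and ARPs for it rather than forwarding to another router, which matches the `arp who-has A.B.C.154 tell A.B.C.145` seen on the public interface. The A.B.C prefix is replaced by the RFC 5737 documentation block 192.0.2 throughout; the routes, addresses and interface names are sample values constructed from the post, and `overlap_report` generalizes the check to any connected network the upstream also considers on-link.

```python
import ipaddress

# Constructed from the post's `netstat -rn` output, with A.B.C replaced by
# the documentation prefix 192.0.2 (RFC 5737). Sample data, not real routes.
NETSTAT_RN = """\
Destination Gateway Flags Refs Use Netif Expire
default 192.0.2.145 UGSc 60 879 em0
127.0.0.1 127.0.0.1 UH 1 372 lo0
192.0.2.144/29 link#1 UC 3 0 em0
192.0.2.145 00:02:17:61:75:85 UHLW 1 0 em0 1200
192.0.2.146 00:0b:db:90:37:8b UHLW 0 8 lo0
192.0.2.152/29 link#3 UC 0 0 em2
"""


def parse_routes(text):
    """Parse BSD `netstat -rn` lines into (network, gateway, flags, netif)."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        dest, gw, flags, netif = fields[0], fields[1], fields[2], fields[5]
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif "/" in dest:
            net = ipaddress.ip_network(dest)
        else:                                   # host route (UH / UHLW)
            net = ipaddress.ip_network(dest + "/32")
        routes.append((net, gw, flags, netif))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, as the firewall's forwarding lookup does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for entry in routes:
        net = entry[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best


def upstream_is_onlink(upstream_prefix, dst):
    """True if a router holding upstream_prefix on one interface treats dst as
    directly connected: it will ARP for dst instead of sending to a gateway."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(upstream_prefix)


def overlap_report(routes, upstream_prefix, public_ifname):
    """Connected networks (flag C) that the firewall reaches on an interface
    other than the public one but which fall inside the upstream's prefix.
    Hosts in these networks are unreachable from the upstream unless it is
    given a route to them (or the firewall answers ARP on their behalf)."""
    up = ipaddress.ip_network(upstream_prefix)
    hidden = []
    for net, gw, flags, netif in routes:
        if "C" in flags and netif != public_ifname and net.subnet_of(up):
            hidden.append((str(net), netif))
    return hidden


if __name__ == "__main__":
    routes = parse_routes(NETSTAT_RN)
    dmz_host = "192.0.2.154"
    net, gw, flags, netif = lookup(routes, dmz_host)
    print(f"firewall sends {dmz_host} out {netif} via {net} ({flags})")
    print("ISP router ARPs for it directly:",
          upstream_is_onlink("192.0.2.144/28", dmz_host))
    print("connected nets hidden behind the /28:",
          overlap_report(routes, "192.0.2.144/28", "em0"))
```

Run as-is it reports that the firewall would forward to the test host over em2, while the ISP router sees 192.0.2.154 as on-link inside its /28 and therefore ARPs for it on the public segment instead of handing the packet to the firewall; the last line lists 192.0.2.152/29 on em2 as the network the upstream cannot reach by routing. The functions work on any other `netstat -rn` paste and upstream prefix.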
More information about the freebsd-questions mailing list