Connecting networks

Ian Smith smithi at
Tue Dec 11 21:27:36 PST 2007

Re-copying the various contributors ..

On Tue, 11 Dec 2007 20:00:56 -0200
  "Alaor Barroso de Carvalho Neto" <alaorneto at> wrote:
 >  2007/12/11, Jonathan Horne freebsd at
 > > out of curiosity, are you pinging from the 4-interfaced-connected BSD
 > > box, or some other workstation that is trying to use the BSD box as its
 > > gateway?
 > From a workstation that is trying to use BSD box as its gateway and have the
 > ip of the BSD box as its default gateway in network settings. My BSD box
 > can ping to everywhere.
 > 2007/12/11, Erik Norgaard <norgaard at>
 > > Could you post your configuration, rc.conf, just the entries related to
 > > network interfaces and routing?
 > >
 > > The BSD box should automatically route any packets between immediately
 > > connected networks without adding any static routes. Do you have any
 > > firewalling enabled?
 > >
 > > Cheers, Erik
 > I'm not in my work anymore but I'll try to remember it as it is:
 > defaultroute=""

Should be 'defaultrouter', but then it's a route to an apparent local
router, whereas your em0 appears to be your public internet connection?

 > hostname=""
 > gateway_enable="YES"
 > ifconfig_em0="inet XXX.XXX.XXX.XXX netmask"

Hopefully you've just mis-remembered that netmask: it's non-contiguous.
.224 perhaps?

 > ifconfig_xl0="inet netmask"
 > ifconfig_xl1="inet netmask"
 > ifconfig_xl2="inet netmask"
 > pf_enable="YES"
 > pf_rules="/etc/pf.conf"
 > pf_flags=""
 > pflog_enable="YES"
 > pflog_logfile="/var/log/pflog"
 > pflog_flags=""

Let's assume you've disabled your firewall to take that out of the
equation till you get the routing happening as desired ..

 > The rest is all just the default from the installation.
 > 2007/12/11, Eric Crist <mnslinky at>
 > > Add
 > >
 > > gateway_enable="YES" to /etc/rc.conf.
 > >
 > > Make sure your other systems use the freebsd box in question as their
 > > default route.

I suspect this may be (one of?) your problem(s); more below.

 > > make sure your firewall, if you have one, is passing the traffic
 > > between the two networks.
 > >
 > > Use pf or some other means to nat outbound traffic.
 > >
 > > HTH

Let's also assume you're not (on this box) trying to NAT one or more of
these multiple private networks to public IP address(es) ..

 > I already have this line in my rc.conf.
 > 2007/12/11, Trix Farrar <trix at>:
 > > It sounds like your BSD server is configured correctly.  You may,
 > > however, need to tell the other devices on your different networks how
 > > to find their way.
 > >
 > > Given that you have networks A, B and C that are each connected to
 > > each other by your BSD server, F, the hosts on network A have to know
 > > how to find network B and network C.  If the three networks already
 > > have routers the hosts use as a default gateway, then those routers
 > > will need to have routes added to find your other networks; the
 > > network A router needs to have routes to networks B and C that point
 > > to your BSD server and so on.
 > How do I do that?

I think this is at the core of your issue.  Let's assume that a box on
xl1, say, wants to talk with a box on xl2, say needs either your box ( as its default route,
or it needs to have added a specific route for 10.10 via your box. 

Similarly, needs either your box ( as its default
route, or it needs to have added a specific route for 192.168.2 via you. 

Unless both of these conditions are true, packets will not get (or get
back) to where they're supposed to go, even if your box setup is all ok.

 > Thankz guyz for your attention with me! I'm going to have nightmares with
 > this trouble.

Sounds like you need a very good diagram of your boxes and networks and
interfaces so you can easily trace all the paths (and thus the necessary
routes) between the various subnets you're wanting to interconnect.

You also need to look carefully at which boxes/nets have routes to the
internet, via wherever (and at what point their addresses are NAT'd to
and from which public addresses), so you can hope to resolve the vast
potential for routing loops and/or blackholed connections that such a
setup offers :)

Later on, your firewall may be able to help with this by at least
preventing disallowed connections, but the above needs to work first.

cheers, Ian
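
The two checks raised in the reply above, as an added example that is not part of the original thread: a netmask contiguity test, and a hop-by-hop trace showing that a ping between the xl1 and xl2 subnets only succeeds when a route exists in both directions. All node names and addresses (hosts A and B, gateway F, another router R, 203.0.113.1 upstream) are constructed, since the post's addresses are elided; the "forward" flag stands in for gateway_enable="YES".

```python
import ipaddress

def contiguous(mask):
    """True if a dotted-quad netmask is 1-bits followed only by 0-bits."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway); gateway None = on-link."""
    hits = [(ipaddress.ip_network(n), g) for n, g in routes
            if ipaddress.ip_address(dst) in ipaddress.ip_network(n)]
    net, gw = max(hits, key=lambda h: h[0].prefixlen, default=(None, None))
    return None if net is None else (gw or dst)  # None: no route, dropped

def delivers(nodes, src, dst_ip, max_hops=8):
    """Follow one direction hop by hop; True only if dst_ip's owner is reached."""
    node = nodes[src]
    for _ in range(max_hops):
        hop = next_hop(node["routes"], dst_ip)
        owner = next((n for n in nodes.values() if hop in n["addrs"]), None)
        if owner and dst_ip in owner["addrs"]:
            return True
        if not owner or not owner.get("forward"):
            return False  # blackholed, or handed to a host that does not forward
        node = owner
    return False  # hop limit hit: routing loop

def ping(nodes, a, b):
    """An echo needs both the request path and the reply path."""
    ip = {name: n["addrs"][0] for name, n in nodes.items()}
    return delivers(nodes, a, ip[b]) and delivers(nodes, b, ip[a])

def topology(b_has_route):
    # Constructed addresses; the post shows only "192.168.2" and "10.10".
    b = [("10.10.0.0/16", None), ("0.0.0.0/0", "10.10.0.254")]
    if b_has_route:
        b.append(("192.168.2.0/24", "10.10.0.1"))  # specific route via F
    return {
        "A": {"addrs": ["192.168.2.10"],
              "routes": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]},
        "F": {"addrs": ["192.168.2.1", "10.10.0.1"], "forward": True,
              "routes": [("192.168.2.0/24", None), ("10.10.0.0/16", None)]},
        "R": {"addrs": ["10.10.0.254"], "forward": True,
              "routes": [("10.10.0.0/16", None), ("0.0.0.0/0", "203.0.113.1")]},
        "B": {"addrs": ["10.10.0.20"], "routes": b},
    }

if __name__ == "__main__":
    print(ping(topology(False), "A", "B"), ping(topology(True), "A", "B"))
    print(contiguous("255.255.255.224"), contiguous("255.255.255.223"))
```

In the first topology the request from A reaches B through F, but B's reply follows its default route to R and is lost; adding the specific route on B is what makes the ping succeed.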
