routing problem

Alaor Barroso de Carvalho Neto alaorneto at gmail.com
Fri Nov 23 05:41:31 PST 2007


2007/11/23, Bill Moran <wmoran at potentialtech.com>:
>
> "Alaor Barroso de Carvalho Neto" <alaorneto at gmail.com> wrote:
> >
> > OK guyz, I did some tests and I found the error, like you said, it's a
> > config problem with the routes, I thought the routed daemon would take care of it
> > for me but it seems like it doesn't. Please I ask you to forget the scenario I
> > said before, now what I have is:
> >
> > The dns server is now with the IP 192.168.1.1. But to turn things more easy
> > I installed it in the FreeBSD box that is gonna be my gateway and proxy
> > machine, so the problem isn't about the dns anymore.
> >
> > I work in a school and I now have this scenario: two local networks,
> > 192.168.1/24, an administrative network and 192.168.2/24, an academic
> > network, plus I must have access to a network of another school with the IP
> > 10.10/16, because they share their database server with us. So the FreeBSD
> > machine has four network cards:
> >
> > em0 external world XXX.XXX.XXX.XXX
> > rl0 adm 192.168.1.80
> > rl1 acad 192.168.2.90
> > rl3 database 10.10.0.50
> >
> > They are all separated networks. What I want: 192.168.2 should only access
> > the internet, shouldn't have access to 192.168.1 or 10.10/16.
> > 192.168.1 should access the internet and
> > 10.10/16, but shouldn't access the academic network. 10.10/16 should access
> > only the 192.168.1 network, but it's not a problem if they had access to
> > internet too.
> >
> > How I would set up my rc.conf with my static routes?
>
> This is beyond the scope of routing.  You'll need to install a packet
> filter.  The best at this time is probably pf:
>
> http://www.freebsd.org/cgi/man.cgi?query=pfctl&sektion=8&apropos=0&manpath=FreeBSD+6.2-RELEASE
>
> http://www.freebsd.org/cgi/man.cgi?query=pf.conf&apropos=0&sektion=0&manpath=FreeBSD+6.2-RELEASE&format=html
>
> --
> Bill Moran
> http://www.potentialtech.com
>

Yes, I have IPFILTER installed, but if I want everybody to ping
everybody and then block things in the firewall, isn't that about routes?
Because none of my networks is pinging any other right now. By ping
I mean have access. I thought it would have something to do with setting
routes. BTW, my ipfilter now just passes everything because I'm building the
server, but I already have a config file with the blocks that I would apply.
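
Added example, not part of the thread: the access policy from the message written as a pf ruleset, pf being the filter the quoted reply points to. It assumes forwarding is enabled (`gateway_enable="YES"` in rc.conf) and that hosts on each network use the FreeBSD box's address on that network as their gateway; the directly connected networks then need no static routes. The macro names are chosen here for illustration.

```conf
# /etc/pf.conf (added example; macro names are illustrative)
# Assumed in /etc/rc.conf: gateway_enable="YES" and pf_enable="YES"
# Interfaces and networks are the ones listed in the message.

ext_if  = "em0"   # external world
adm_if  = "rl0"   # administrative, 192.168.1.80
acad_if = "rl1"   # academic, 192.168.2.90
db_if   = "rl3"   # other school's database network, 10.10.0.50

adm_net  = "192.168.1.0/24"
acad_net = "192.168.2.0/24"
db_net   = "10.10.0.0/16"

# Private source addresses must be translated to reach the internet.
nat on $ext_if from { $adm_net, $acad_net } to any -> ($ext_if)

# Default deny: anything not passed below is dropped.
block all
pass quick on lo0 all

# Academic network: internet only.
block in quick on $acad_if from any to { $adm_net, $db_net }
pass in on $acad_if from $acad_net to any keep state

# Administrative network: internet and database network, not academic.
block in quick on $adm_if from any to $acad_net
pass in on $adm_if from $adm_net to any keep state

# Database network: administrative network only.
pass in on $db_if from $db_net to $adm_net keep state

# Policy is enforced on the inbound side; forwarded packets that were
# admitted above, and the gateway's own traffic, may leave any interface.
pass out all keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -f /etc/pf.conf` loads it.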

