routing problem

Bill Moran wmoran at potentialtech.com
Fri Nov 23 06:50:41 PST 2007


"Alaor Barroso de Carvalho Neto" <alaorneto at gmail.com> wrote:
>
> 2007/11/23, Bill Moran <wmoran at potentialtech.com>:
> >
> > "Alaor Barroso de Carvalho Neto" <alaorneto at gmail.com> wrote:
> >
> > > Yes, I have IPFILTER installed, but if I would want to everybody ping to
> > > everybody and then block the things in the firewall, it isn't about routes?
> > > because neither of my networks are pinging to any other right now. By ping
> > > I mean have access.

By ping, mean ping.  I don't know what "have access" means, but I know what
"ping" means.

So what do you really mean ... what are you actually doing?  If you run
ping 192.168.1.[some working IP] from a machine on the 192.168.2.0/24
network, what is the result?

> > > I thought it would have something to do with setting
> > > routes. BTW, my ipfilter now just pass everything because I'm building the
> > > server, but I already have a config file with the blocks that I would apply.
> >
> > That's a completely different scenario than the one you described in
> > your previous message.
> >
> > Do you have gateway_enable="YES" in /etc/rc.conf?
> 
> Yeah, I know, I was trying to make it work with only adm and external, but
> the real scenario I have is this. Yes I have this line, my rc.conf is like
> this:
> [...]
> gateway_enable="yes"
> defaultrouter="XXX.XXX.XXX.158" (the external ip)
> ifconfig_em0="inet XXX.XXX.XXX.130 netmask 255.255.255.227"
> ifconfig_rl0="inet 192.168.1.80 netmask 255.255.255.0"
> ifconfig_rl1="inet 192.168.2.90 netmask 255.255.255.0"
> ifconfig_rl2="inet 10.10.0.50 netmask 255.255.0.0"
> [...]
> 
> I don't know if that matters, but the yes should be YES to things work? I'd
> kill myself if this is the problem.

Don't kill yourself.  At least, if you do, will me all your stuff.

The parameter is case-insensitive, I just prefer the caps.

First off, what's the output of "sysctl net.inet.ip.forwarding"?  If
it is 0, then reboot and see if it starts working.

Once you're sure that sysctl is being properly set (which is all that
gateway_enable="yes" does), if you're still having problems, disable
ipfilter altogether and see if it starts working.  If it does, then
it becomes a discussion of firewall rules.

Also, is your DNS working properly?  I don't know how many times I've
seen DNS timeouts mistaken for network problems.  99% of the programs
out there will _seem_ to have a network problem if the DNS isn't working
properly.

-- 
Bill Moran
http://www.potentialtech.com
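
The triage order from the message above (forwarding sysctl first, then ipfilter, then DNS), written out as an added example that is not part of the original post. The function names, the result labels, and the ok/fail arguments are assumptions; the ping results are meant to come from a client on the far subnet, tested by IP address.

```shell
#!/bin/sh
# Added example: decide which layer to look at next, in the order the
# message gives. Function names and result labels are hypothetical.

# rc_gateway_enabled FILE: succeed if the last gateway_enable line in FILE
# is a "yes" value. The comparison is case-insensitive, so yes and YES match.
rc_gateway_enabled() {
    val=$(sed -n 's/^[[:space:]]*gateway_enable="\{0,1\}\([A-Za-z0-9]*\)"\{0,1\}.*/\1/p' "$1" | tail -n 1)
    case $(printf '%s' "$val" | tr '[:upper:]' '[:lower:]') in
        yes|true|on|1) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose FWD RC PING_FILTERED PING_UNFILTERED DNS
#   FWD              value of sysctl net.inet.ip.forwarding (0 or 1)
#   RC               yes/no: does rc.conf enable the gateway?
#   PING_FILTERED    ok/fail: ping by IP across the router, ipfilter loaded
#   PING_UNFILTERED  ok/fail: same ping with ipfilter disabled
#   DNS              ok/fail: does a name lookup on the client succeed?
diagnose() {
    fwd=$1; rc=$2; ping_filtered=$3; ping_unfiltered=$4; dns=$5
    if [ "$fwd" != 1 ]; then
        # The kernel is not forwarding, so nothing else matters yet.
        if [ "$rc" = yes ]; then
            echo "forwarding-off-reboot"   # set in rc.conf, not applied yet
        else
            echo "forwarding-off-unset"    # gateway_enable missing or off
        fi
    elif [ "$ping_filtered" = ok ]; then
        # Packets cross the router; a failing lookup only looks like an outage.
        if [ "$dns" = ok ]; then echo "ok"; else echo "dns"; fi
    elif [ "$ping_unfiltered" = ok ]; then
        echo "ipfilter-rules"              # works only with the filter off
    else
        echo "unresolved"                  # neither forwarding nor ipfilter
    fi
}

# Live use on the gateway (constructed invocation):
#   sh triage.sh --live <ping_filtered> <ping_unfiltered> <dns>
if [ "${1:-}" = "--live" ]; then
    if rc_gateway_enabled /etc/rc.conf; then rc=yes; else rc=no; fi
    diagnose "$(sysctl -n net.inet.ip.forwarding)" "$rc" "$2" "$3" "$4"
fi
```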

