|
Hi,
I have a question about building a FreeBSD gateway.

I want to create a subnet in our internal company network. I have installed FreeBSD 8.0 RELEASE i386, no updates, right from the FreeBSD CD. Now I want to configure this box as the gateway of the subnet. I have two NICs configured. One external for the company network and one for the new subnet.

On this box I can reach any other computer in our internal network, I have internet access, too, and I can reach the box on the subnet. The box on the subnet is able to ping both NICs on my FreeBSD box, but cannot reach any other computer of my company network or the internet.

Because I don't need any firewall on this subnet, I thought gateway_enable="YES" in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

    # cat /etc/rc.conf
    keymap="german.iso"
    moused_enable="YES"
    sshd_enable="YES"
    hostname="gw2"
    ifconfig_rl0="DHCP"
    ifconfig_re0="inet 192.168.50.1 netmask 255.255.255.0"
    gateway_enable="YES"

    # sysctl net.inet.ip.forwarding
    net.inet.ip.forwarding: 1

    # netstat -rn
    Routing tables

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            192.168.40.1       UGS         0        0    rl0
    127.0.0.1          link#6             UH          0        0    lo0
    192.168.40.0/24    link#2             U           1      274    rl0
    192.168.40.122     link#2             UHS         0        0    lo0
    192.168.50.0/24    link#1             U           0       15    re0
    192.168.50.1       link#1             UHS         0        0    lo0

    Internet6:
    Destination        Gateway            Flags      Netif Expire
    ::1                ::1                UH          lo0
    fe80::%lo0/64      link#6             U           lo0
    fe80::1%lo0        link#6             UHS         lo0
    ff01:6::/32        fe80::1%lo0        U           lo0
    ff02::%lo0/32      fe80::1%lo0        U           lo0

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[hidden email]"
|
On Sep 15, 2010, at 12:10 PM, Wolfgang Riegler wrote:
> I want to create a subnet in our internal company network. I have
> installed FreeBSD 8.0 RELEASE i386, no updates, right from the FreeBSD
> CD. Now I want to configure this box as the gateway of the subnet. I
> have two NICs configured. One external for the company network and one
> for the new subnet. On this box I can reach any other computer in our
> internal network, I have internet access, too, and I can reach the box
> on the subnet. The box on the subnet is able to ping both NICs on my
> FreeBSD box, but cannot reach any other computer of my company network
> or the internet. Because I don't need any firewall on this subnet, I
> thought gateway_enable="YES" in /etc/rc.conf should be sufficient. But
> it doesn't work. Do I need something else?

Yes. What you've done thus far should work fine if your internal subnet was using routable IPs; since you are using 192.168.x.y RFC-1918 unroutable IPs, you want to also set up NAT on your gateway box:

http://www.freebsd.org/doc/handbook/network-natd.html

Regards,
--
-Chuck
|
On 15.09.10 21:10, Wolfgang Riegler wrote:

> > I thought gateway_enable="YES" in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?

Looks all ok.
But does 192.168.40.1 have a route to 192.168.50.0/24 via GW 192.168.40.122?

> > Internet:
> > Destination        Gateway            Flags    Refs      Use  Netif Expire
> > default            192.168.40.1       UGS         0        0    rl0
> > 127.0.0.1          link#6             UH          0        0    lo0
> > 192.168.40.0/24    link#2             U           1      274    rl0
> > 192.168.40.122     link#2             UHS         0        0    lo0
> > 192.168.50.0/24    link#1             U           0       15    re0
> > 192.168.50.1       link#1             UHS         0        0    lo0

Regards,
Beat
|
On Wed, Sep 15, 2010 at 3:30 PM, Beat Siegenthaler <[hidden email]> wrote:

> On 15.09.10 21:10, Wolfgang Riegler wrote:
>
> > > I thought gateway_enable="YES" in /etc/rc.conf should be sufficient.
> > > But it doesn't work. Do I need something else?
>
> Looks all ok.
> But does 192.168.40.1 have a route to 192.168.50.0/24 via GW
> 192.168.40.122?
>
> > > Internet:
> > > Destination        Gateway            Flags    Refs      Use  Netif Expire
> > > default            192.168.40.1       UGS         0        0    rl0
> > > 127.0.0.1          link#6             UH          0        0    lo0
> > > 192.168.40.0/24    link#2             U           1      274    rl0
> > > 192.168.40.122     link#2             UHS         0        0    lo0
> > > 192.168.50.0/24    link#1             U           0       15    re0
> > > 192.168.50.1       link#1             UHS         0        0    lo0
>
> Regards,
> Beat

As Beat questioned, I suspect your company network (192.168.40.0/24) know that it must use your machine (192.168.50.122) as its gateway to get to 192.168.50.0/24?

In other words, it would appear you have one side of the equation correct but are missing the other side. Assuming the other gateway is the (single) default gateway for 192.168.40.0/24 - you should simply have to add a route on that router instructing it to use 192.168.40.122 (your IP) as the gateway to the other subnet you created as 192.168.50.0/24.

    NETWORK A -> use 192.168.50.1 as default gateway
    192.168.50.1 == router == 192.168.40.122
    NETWORK B -> use 192.168.40.1 as default gateway
    192.168.40.1 == router -> add entry on this router to use 192.168.40.122 to get to 192.168.50.1

Unfortunately, without seeing the route table for both sides I can't be sure - but like I'd said and Beat had alluded to, I think you're missing the instructions to the other side of the route.

--
Nathan Vidican
[hidden email]
|
Thank you for your support. You're right, our administrator has to add a route back to the new gateway.

On Wednesday, 15 September 2010, 21:30:08, Beat Siegenthaler wrote:

> On 15.09.10 21:10, Wolfgang Riegler wrote:
>
> > > I thought gateway_enable="YES" in /etc/rc.conf should be sufficient. But it doesn't work. Do I need something else?
>
> Looks all ok.
> But does 192.168.40.1 have a route to 192.168.50.0/24 via GW
> 192.168.40.122?
>
> > > Internet:
> > > Destination        Gateway            Flags    Refs      Use  Netif Expire
> > > default            192.168.40.1       UGS         0        0    rl0
> > > 127.0.0.1          link#6             UH          0        0    lo0
> > > 192.168.40.0/24    link#2             U           1      274    rl0
> > > 192.168.40.122     link#2             UHS         0        0    lo0
> > > 192.168.50.0/24    link#1             U           0       15    re0
> > > 192.168.50.1       link#1             UHS         0        0    lo0
>
> Regards,
> Beat
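
The asymmetric-routing failure this thread resolves, as an added example that is not part of any poster's message: a small longest-prefix-match model that traces a request from the new subnet and the reply coming back, with and without the return route on 192.168.40.1. The host addresses 192.168.50.10 and 192.168.40.10, the "upstream" next hop and the routing table of 192.168.40.1 are assumptions; the thread only shows gw2's table.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route matches."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), hop) for net, hop in table.items()
               if dst in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(nodes, src, dst, max_hops=8):
    """Follow a packet hop by hop; return (delivered, path)."""
    here, path = src, [src]
    for _ in range(max_hops):
        hop = lookup(nodes[here], dst)
        if hop == "direct":                  # dst is on a connected network
            path.append(dst)
            return dst in nodes, path
        if hop is None or hop not in nodes:  # no route, or leaves the model
            path.append(hop or "no route")
            return False, path
        path.append(hop)
        here = hop
    return False, path

# gw2's table as shown by netstat -rn in the first message.
GW2 = {"192.168.40.0/24": "direct", "192.168.50.0/24": "direct",
       "0.0.0.0/0": "192.168.40.1"}

def build(return_route):
    # Assumed table for the company router; "upstream" is a placeholder hop.
    router = {"192.168.40.0/24": "direct", "0.0.0.0/0": "upstream"}
    if return_route:                         # the fix discussed in the thread
        router["192.168.50.0/24"] = "192.168.40.122"
    return {
        "192.168.50.10": {"192.168.50.0/24": "direct", "0.0.0.0/0": "192.168.50.1"},
        "192.168.50.1": GW2, "192.168.40.122": GW2,   # both NICs of gw2
        "192.168.40.1": router,
        "192.168.40.10": {"192.168.40.0/24": "direct", "0.0.0.0/0": "192.168.40.1"},
    }

if __name__ == "__main__":
    for fixed in (False, True):
        net = build(fixed)
        print("return route:", fixed)
        print("  request:", trace(net, "192.168.50.10", "192.168.40.10"))
        print("  reply:  ", trace(net, "192.168.40.10", "192.168.50.10"))
```

The request is delivered in both cases; only the reply changes, which matches the symptom of forwarding being enabled on gw2 while hosts behind it still get no answers.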
