[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

subnets, not routing etc.

To: misc@openbsd.org, tech@openbsd.org
Subject: subnets, not routing etc.
From: josef.dyma@email.cz
Date: Wed, 15 Nov 2000 22:51:22 -0500 (EST)

Hi everybody,

trying to build a ipf on OpenBSD (2.7 on i386 with 2 fxp{0,1} eth cards,
from CD, patched, recompiled/ minimized kernel), it seems to be extremely
secure right now, since it is not even routing... -:). Any tideas
appreciated: 



stuff included:

.32 network (subnet), with .33 gateway from the ISP, .63 broadcast.

I have divided it into to subnets (.33 -- .46: unprotected, .49 -- .62: protected) in order to be able to put ipf in between them:
 

equipment etc.:

SW1 (D-LINK)
SW2 (CISCO 3524)
FW (OpenBSD ipf with fxp0 (external at .34) and fxp1 (internal at .49))
my PC at .61

The gateway for the FW is .33 (/etc/mygate)
The gateway for myPC is . 49

=========================================================
ISP .33---SW1---(fxp0---FW---fxp1)---SW2---myPC
=========================================================

(BTW, ipf disabled (-D) for testing!, also net.inet.ip.forwarding is 1)


For testing I had a temporary link between SW1 & SW2 and it seemed to
route fine.  After unplugging it, it doesn't: this is what I see (mostly
tcpdump on fxp0 & fxp1):



1) from myPC (.61) pinging out to 216.32.74.53: 
on FW, fxp1:	I see ".61 > 216.32.74.53: icmp: echo request"
on FW, fxp0:	I see the same... 


2) from the FW: I can ping anything, get anywhere (including .61).

3) from outside, pinging myPC at .61, I cannot see anything... any
activity on either fxp0 nor fxp1A



Any suggestions, ideas would be appreciated...

Thanks,

--JD

Follow-Ups:
- 2 firewalls / sync?
  - From: josef.dyma@email.cz

Prev by Date: should be easy, but I can't get modem to dial
Next by Date: Re: subnets, not routing etc.
Prev by thread: Re: should be easy, but I can't get modem to dial
Next by thread: 2 firewalls / sync?
Index(es):
- Date
- Thread