[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: subnets, not routing etc.


Your picture
> ISP .33---SW1---(fxp0---FW---fxp1)---SW2---myPC
is missing one router...

ISP---router---SW1---(fxp0---FW---fxp1)---SW2---myPC

this router is the key, you must add a route for the net behind you obsd
box with gateway [ip of fxp0] there.

Greetings

Henning

------------------------------------------------------------
Henning Brauer      | Hostmaster BSWS
BS Web Services     | www.bsws.de
Roedingsmarkt 14    | hostmaster@bsws.de
20459 Hamburg
Germany






                                                                                                                                
                    josef.dyma@em                                                                                               
                    ail.cz               To:     misc@openbsd.org, tech@openbsd.org                                             
                    Sent by:             cc:                                                                                    
                    owner-misc@op        Subject:     subnets, not routing etc.                                                 
                    enbsd.org                                                                                                   
                                                                                                                                
                                                                                                                                
                    16.11.2000                                                                                                  
                    04:51                                                                                                       
                                                                                                                                
                                                                                                                                




Hi everybody,

trying to build a ipf on OpenBSD (2.7 on i386 with 2 fxp{0,1} eth cards,
from CD, patched, recompiled/ minimized kernel), it seems to be extremely
secure right now, since it is not even routing... -:). Any tideas
appreciated:



stuff included:

.32 network (subnet), with .33 gateway from the ISP, .63 broadcast.

I have divided it into to subnets (.33 -- .46: unprotected, .49 -- .62:
protected) in order to be able to put ipf in between them:


equipment etc.:

SW1 (D-LINK)
SW2 (CISCO 3524)
FW (OpenBSD ipf with fxp0 (external at .34) and fxp1 (internal at .49))
my PC at .61

The gateway for the FW is .33 (/etc/mygate)
The gateway for myPC is . 49

=========================================================
ISP .33---SW1---(fxp0---FW---fxp1)---SW2---myPC
=========================================================

(BTW, ipf disabled (-D) for testing!, also net.inet.ip.forwarding is 1)


For testing I had a temporary link between SW1 & SW2 and it seemed to
route fine.  After unplugging it, it doesn't: this is what I see (mostly
tcpdump on fxp0 & fxp1):



1) from myPC (.61) pinging out to 216.32.74.53:
on FW, fxp1:   I see ".61 > 216.32.74.53: icmp: echo request"
on FW, fxp0:   I see the same...


2) from the FW: I can ping anything, get anywhere (including .61).

3) from outside, pinging myPC at .61, I cannot see anything... any
activity on either fxp0 nor fxp1A



Any suggestions, ideas would be appreciated...

Thanks,

--JD