[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: subnets, not routing etc.

To: josef.dyma@email.cz
Subject: RE: subnets, not routing etc.
From: "Jenkins, Michael" <Michael.Jenkins@disney.com>
Date: Thu, 16 Nov 2000 06:14:06 -0800
Cc: tech@openbsd.org, misc@openbsd.org

So the ISP gave you C.C.C.32/27 (32-63) and you further subnetted it
to C.C.C.32/28 (32-47) and C.C.C.48/28 (48-63).  Since the ISP router
thinks the entire C.C.C.32/27 is on the lan, it is arping and getting
no reply for the hosts (49-62) you put behind the fw.  Put some proxy
arp entries for the internal hosts with arp(8).  Another alternative
is to use a bridge(4) firewall.

Mike

> -----Original Message-----
> From: josef.dyma@email.cz [mailto:josef.dyma@email.cz]
> Sent: Wednesday, November 15, 2000 10:51 PM
> To: misc@openbsd.org; tech@openbsd.org
> Subject: subnets, not routing etc.
> 
> 
> Hi everybody,
> 
> trying to build a ipf on OpenBSD (2.7 on i386 with 2 fxp{0,1} 
> eth cards,
> from CD, patched, recompiled/ minimized kernel), it seems to 
> be extremely
> secure right now, since it is not even routing... -:). Any tideas
> appreciated: 
> 
> 
> 
> stuff included:
> 
> .32 network (subnet), with .33 gateway from the ISP, .63 broadcast.
> 
> I have divided it into to subnets (.33 -- .46: unprotected, 
> .49 -- .62: protected) in order to be able to put ipf in between them:
>  
> 
> equipment etc.:
> 
> SW1 (D-LINK)
> SW2 (CISCO 3524)
> FW (OpenBSD ipf with fxp0 (external at .34) and fxp1 
> (internal at .49))
> my PC at .61
> 
> The gateway for the FW is .33 (/etc/mygate)
> The gateway for myPC is . 49
> 
> =========================================================
> ISP .33---SW1---(fxp0---FW---fxp1)---SW2---myPC
> =========================================================
> 
> (BTW, ipf disabled (-D) for testing!, also 
> net.inet.ip.forwarding is 1)
> 
> 
> For testing I had a temporary link between SW1 & SW2 and it seemed to
> route fine.  After unplugging it, it doesn't: this is what I 
> see (mostly
> tcpdump on fxp0 & fxp1):
> 
> 
> 
> 1) from myPC (.61) pinging out to 216.32.74.53: 
> on FW, fxp1:	I see ".61 > 216.32.74.53: icmp: echo request"
> on FW, fxp0:	I see the same... 
> 
> 
> 2) from the FW: I can ping anything, get anywhere (including .61).
> 
> 3) from outside, pinging myPC at .61, I cannot see anything... any
> activity on either fxp0 nor fxp1A
> 
> 
> 
> Any suggestions, ideas would be appreciated...
> 
> Thanks,
> 
> --JD
> 
>

Follow-Ups:
- bridge firewall (was: Re: subnets, not routing etc.)
  - From: Philipp Schott <philipp@mathematik.uni-freiburg.de>
- RE: subnets, not routing etc.
  - From: Hakan Olsson <ho@crt.se>

Prev by Date: disable ssh/login for individual an account?
Next by Date: Re: Sendmail
Prev by thread: Re: subnets, not routing etc.
Next by thread: bridge firewall (was: Re: subnets, not routing etc.)
Index(es):
- Date
- Thread