Re: [interfaces + route] My new firewall doesn't forward packages

To: Carlos Barros <cbf@fisica.edu.uy>
Cc: Davi Leal <david.leal@ene.es>, debian-firewall@lists.debian.org, debian-isp@lists.debian.org
Subject: Re: [interfaces + route] My new firewall doesn't forward packages
From: Bernd Eckenfels <lists@lina.inka.de>
Date: Wed, 5 Jun 2002 21:30:57 +0200
Message-id: <[🔎] 20020605193057.GA24872@lina.inka.de>
In-reply-to: <[🔎] 20020605135910.A31630@fisica.edu.uy>
References: <[🔎] 00cd01c20bce$429ab980$0507e0c2@ene.es> <[🔎] 20020604183346.GA2766@lina.inka.de> <[🔎] 007c01c20c72$9bf00a40$0507e0c2@ene.es> <[🔎] 20020605135910.A31630@fisica.edu.uy>

On Wed, Jun 05, 2002 at 01:59:10PM -0300, Carlos Barros wrote:
> >    Intenet
> >       |
> >       |
> > Gateway; Cisco: 194.224.7.1
> >       |
> >       |
> >       | 194.224.7.9
> > Firewall
> >       | 194.224.7.10
> >       |
> >       |
> >   ----------------------------------------------------------------- LAN
> >          |                           |                            |
> >  194.224.7.3      194.224.7.2        10.128.114.2.2 (Radius)            etc.
> 
> 
> 1- your firewall have 2 interfaces in the same subnet.
> 2- so your firewall dont know where the hosts are.

It does, it is just ugly. If you have no network rute to the .9 interface it
will work. Therefore you have to remove the network route. This can be done
with "route del -net 194.224.7.0 netmask 255.255.255.0 dev eth0". To execute
this command you can eighter put it in a boot up script or you can use the
"up /sbin/route ..." command in interfaces file.

My question why i was asking was because of the different netmask in the
additional routes. The above schema does not require them. A Netroute to the
LAN and a Hostroute to the Cisco and a default gateway using that host route
is everything which is needed.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!

-- 
To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- [interfaces + route] My new firewall doesn't forward packages
  - From: "Davi Leal" <david.leal@ene.es>
- Re: [interfaces + route] My new firewall doesn't forward packages
  - From: Bernd Eckenfels <lists@lina.inka.de>
- Re: [interfaces + route] My new firewall doesn't forward packages
  - From: "Davi Leal" <david.leal@ene.es>
- Re: [interfaces + route] My new firewall doesn't forward packages
  - From: Carlos Barros <cbf@fisica.edu.uy>

Prev by Date: Re: kernel quota control with LDAP
Next by Date: new user, new install
Previous by thread: Re: [interfaces + route] My new firewall doesn't forward packages
Next by thread: Re: [interfaces + route] My new firewall doesn't forward packages
Index(es):
- Date
- Thread