Three-legged firewall woes - BSD


  1. Three-legged firewall woes

    I have a machine with the familiar three-legged firewall setup.

    sis0 is connected to a DSL router (Cisco 678). It has the public IP
    (1.2.3.4).

    sis1 is connected to a hub to which the client machines connect. Its
    IP is 192.168.0.1. The machines connect to and through it with no
    problem. They have IP addresses of 192.168.0.2 . . . and have their
    default gateway set as 192.168.0.1. I have a nat rule for them, etc.

    sis2 is connected to my server. Its IP is 192.168.1.1. The server's
    is 192.168.1.2 with default gateway of 192.168.1.1.

    I cannot, for love or money, connect to the server. Both ping and SSH
    just hang. I know the firewall ruleset isn't a problem because I
    changed it to "pass all" (temporarily) and had similar problems.
    Interestingly, 192.168.1.2 does come up in "route show."

    Any suggestions/ideas?


  2. Re: Three-legged firewall woes

    sealinux@gmail.com wrote:
    ....
    > I cannot, for love or money, connect to the server. Both ping and SSH
    > just hang.

    ....
    > Any suggestions/ideas?

    Ensure your server has a route back to the 192.168.0.0 network?

  3. Re: Three-legged firewall woes

    The server, or the firewall?

    Here's the output of netstat -rn (note 1.2.3.4 is static IP assigned
    by ISP, 1.2.3.1 is default gateway):

    Routing tables
    Internet:
    Destination     Gateway            Flags  Refs  Use     Mtu    Interface
    default         1.2.3.1            UGS    8     139896  -      sis0
    1.2.3/24        link#1             UC     2     0       -      sis0
    1.2.3.1         0:5:5f:7b:f4:8c    UHLc   1     0       -      sis0
    1.2.3.4         0:2:e3:5:60:66     UHLc   0     17      -      lo0
    127/8           127.0.0.1          UGRS   0     0       33224  lo0
    127.0.0.1       127.0.0.1          UH     1     492     33224  lo0
    192.168.0/24    link#2             UC     3     0       -      sis1
    192.168.0.1     0:2:e3:16:92:a9    UHLc   0     2       -      lo0
    192.168.0.3     0:3:47:40:a:e5     UHLc   0     13663   -      sis1
    192.168.0.105   0:11:24:7d:32:3c   UHLc   1     141     -      sis1
    192.168.1/24    link#3             UC     2     0       -      sis2
    192.168.1.1     0:2:e3:1f:5:a6     UHLc   0     97      -      lo0
    192.168.1.2     0:10:4b:34:4a:aa   UHLc   0     186     -      sis2
    224/4           127.0.0.1          URS    0     0       33224  lo0

    Does this help?

    How do I add the route? I know "route add," but how would it work in
    this case?


  4. Re: Three-legged firewall woes

    How do I set up routing between the two interfaces???


  5. Re: Three-legged firewall woes

    sealinux@gmail.com wrote:

    > How do I set up routing between the two interfaces???

    sysctl net.inet.ip.forwarding=1 (/etc/sysctl.conf)
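
A check for the condition this thread ends on, as an added example that is not part of any post: given the value of net.inet.ip.forwarding and a `netstat -rn` dump, it reports whether both internal legs have connected routes and whether the kernel will forward between them. The function names, result strings and the abridged sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): triage for "hosts on one internal
# leg cannot reach the other leg" on a BSD router/firewall.

# forwarding_enabled VALUE -> exit 0 if VALUE (from `sysctl -n
# net.inet.ip.forwarding`) means the kernel forwards IPv4 between interfaces.
forwarding_enabled() {
    [ "$1" = "1" ]
}

# connected_iface ROUTES PREFIX -> print the interface of the directly
# connected (gateway "link#N") route for PREFIX, or nothing if there is none.
# Assumes the interface is the last column, as in the table posted above.
connected_iface() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p && $2 ~ /^link#/ { print $NF; exit }'
}

# diagnose FWD_VALUE ROUTES LAN_PREFIX SERVER_PREFIX -> print one result word.
diagnose() {
    lan_if=$(connected_iface "$2" "$3")
    srv_if=$(connected_iface "$2" "$4")
    if [ -z "$lan_if" ] || [ -z "$srv_if" ]; then
        # An interface is down or unconfigured; fix that before anything else.
        echo "missing-connected-route"
    elif ! forwarding_enabled "$1"; then
        # Both legs are reachable from the firewall itself, but packets
        # arriving on one leg are not passed to the other.
        echo "forwarding-disabled"
    else
        echo "ok"
    fi
}

# Constructed sample: three rows abridged from the routing table in post 3.
SAMPLE_ROUTES='default 1.2.3.1 UGS 8 139896 - sis0
192.168.0/24 link#2 UC 3 0 - sis1
192.168.1/24 link#3 UC 2 0 - sis2'

# With forwarding off, the posted table yields "forwarding-disabled".
diagnose 0 "$SAMPLE_ROUTES" 192.168.0/24 192.168.1/24

# On the live firewall (assumed invocation):
#   diagnose "$(sysctl -n net.inet.ip.forwarding)" "$(netstat -rn -f inet)" \
#            192.168.0/24 192.168.1/24
```

Putting the setting in /etc/sysctl.conf, as post 5 notes, makes it persist across reboots; the firewall ruleset still decides which forwarded traffic is passed between the legs.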
