
List:       freebsd-isp
Subject:    Re: IPFW
From:       Leif Neland <leifn () neland ! dk>
Date:       2000-06-28 19:37:15

On Wed, 28 Jun 2000, Peter Salvage wrote:

> Hi Leif
> 
> > >                  net
> > > (a)              |
> > >                router
> > > (b)              | (1st nic)
> > >             FreeBSD
> > > (c)              | (2nd nic)
> > >          mail server--proxy server
> > > (d)                                   | (2nd nic)
> > >                            internal network
> > >
> > > (a) subnet 192.168.0.0/30
> > > (b) subnet 192.168.0.4/30
> > > (c) subnet 192.168.0.8/29
> > > (d) subnet 192.168.0.16/29
> > >
> > > I'm unable to telnet to the router from the internal network, even
> > > though I've set an access list on the router allowing vty 0-4 access
> > > only from subnet (b). Therefore I'm assuming I've left something out of
> > > my rules list on the FreeBSD box.
> > >
> > A: Is routing ok, i.e. can you ping from d to the router? I guess so...
> 
> yeah I can...sorry I never mentioned that
> 
> > B: If your access list on the router says only subnet (b) can access it,
> > then that's why subnet (d) cannot access it. You didn't mention that you
> > were using NAT on the FreeBSD box, so if you telnet from (d), that's the
> > address the router will see.
> 
> I'm not running NAT on the FreeBSD box, but I am on the Linux box. I
> added the IP addy of the Linux box external nic to the access list as
> well as the 2nd nic /30 from the FreeBSD box (c) and it made no
> difference.

Ok. Divide and conquer! (sp?)

Can you telnet to the router from the proxyserver on net (c)?
Can you telnet to something outside the router, from either (c) or (d)?

Leif



