
List:       ipfilter
Subject:    Re: routed no route to host
From:       "Thomas Beer" <mailings () analogon ! com>
Date:       2004-04-13 15:23:35
Message-ID: 3838.217.235.122.254.1081869815.squirrel () webmail2 ! pair ! com

Dear James,

thanks, but this is not a tight rule set. I can achieve this
with the pass all rule I mentioned. I would explicitly
allow the relevant traffic from/to routed.

Cheers Tom

> Tom,
>    I'm not sure if this will help but we have our firewall set to
> route between RFC 1918 address space and our normal
> address space (it lets us have stuff on the network that
> is reachable from and can reach our normally addressed
> equipment without the ability to get out or be reached from
> outside our network).  Here are the rules we used to set
> this up.  First we had to place the gateway for the RFC 1918
> addresses as an alias address on the interface for that
> network.  Then we placed these rules in ipf:
>
> pass in quick from 172.24.0.0/16 to 172.24.0.1
> block in quick on fxp0 to fxp0 from 172.24.0.0/16 to <normal address range>
> block in quick from 172.24.0.0/16 to 172.24.0.0/16
> block in quick on fxp0 to fxp0 from <normal address range> to 172.24.0.0/16
>
> You need to use block and not pass in the 2nd and 4th rules or
> you will have two copies of each packet going to the interface.
>
> The first rule allows the devices in the RFC 1918 address space
> to reach their gateway.
>
> The second rule allows the private address space devices to
> reach our normal address space.
>
> The 3rd rule is there just to ignore RFC 1918 internal traffic.
>
> The 4th rule routes traffic from our normal address space to
> the RFC 1918 address space.
>
> There is probably a better way to set this all up in the
> routing table but this works.
> --
> James A. Robbins
> Network Engineer
> The Ohio State University
> Chemistry Department
>
> ----- Original Message -----
> From: "Thomas Beer" <mailings@analogon.com>
> To: <ipfilter@coombs.anu.edu.au>
> Sent: Tuesday, April 13, 2004 8:36 AM
> Subject: routed no route to host
>
>
>>
>> Hi,
>>
>> I'm trying to get routed working with ipfilter. I have two
>> gateways wi0 and rl0. Routed issues
>>
>> Send bcast  sendto(wi0, 192.168.2.0.520): No route to host.
>>
>> a
>>
>> pass in quick on wi0 from any to any
>> pass out quick on wi0 from any to any
>>
>> solves the problem but this isn't a solution. I tried
>> some rules like
>>
>> pass in quick on wi0 from any to 192.168.2.0/28 port = 520
>>
>> which doesn't fix it. Additionally a
>>
>> sendto(rl0, 224.0.0.1): No route to host
>> sendto(wi0, 224.0.0.1): No route to host
>>
>> pops up. Any suggestions?
>>
>> Thanks Tom
>>
>>
>>
>>
>>
>
>
