On 6/13/07, <b class="gmail_sendername">Kurt Miller</b> <<a href="mailto:lists@intricatesoftware.com">lists@intricatesoftware.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Monday 11 June 2007 12:23:51 pm Barry Kominik wrote:<br>> Hi,<br>> I'm having problems getting a pf filter working. I must be doing something<br>> simple wrong, anybody have any advice?<br>><br>> I have two public routable IP blocks, let's say
<a href="http://1.1.1.1/29">1.1.1.1/29</a> and <a href="http://2.2.2.1/28">2.2.2.1/28</a>.<br>> The colo routes both networks to my handoff. I have the int0 connected to<br>> the handoff from the co-lo and ext0 configured as the
<a href="http://2.2.2.1">2.2.2.1</a>. I have<br>> net.inet.ip.forwarding=1. Shouldn't basic routing work without even enabling<br>> the firewall? Hosts on the 2 network can ping through to the<br>> 1.1.1.1 interface,
but not beyond. Hosts on the internet can see<br>> <a href="http://1.1.1.1">1.1.1.1</a> but nothing on the 2. network. I can get this to work by setting up<br>> a bridge between the interfaces, but this strikes me as incorrect. Am I
<br>> missing something simple? If not I can pay for some consulting time.<br>><br>> Thanks,<br>> Barry<br>><br><br>Is /etc/mygate on the router set?</blockquote><div><br>Yes /etc/mygate is set and net.inet.ip.forwarding=1.
I also configured /etc/networks and tried /etc/gateway. pf is disabled. Shouldn't basic routing work straight away? The routing table looks to me like it gets populated correctly. If I do a tcpdump on the northbound interface I can see the proper packets, but they are not traversing the router.
<br><br>B<br></div><br></div>